Don Lee wrote:
It does not provide enough information to make a definitive judgement
about whether email is "legit" - and it never will.
It can be used to make this judgement. If you get a PASS claiming to
be MAIL FROM "me", and you know "me" (in your address book or another
kind of white list), then the mail was likely sent by "me" (or by a
zombie on my box, or by another customer of the same ISP, etc.), but
you can ignore this and hold "me" responsible if it's spam, and let
"me" figure out how to convince my ISP to prevent other users of this
ISP from forging my MAIL FROM.
This is all true, but ultimately the definition of "legit" often hinges on the
definition of "unwanted", which is subjective. Ultimately, neither SPF - nor
any other purely technical means - is sufficient.
Note the discussion of the newbie recipients who hit the "spam" button
on the clients.
There is a tension between a desire to keep the net "open", and the
desire to limit e-mail to "legitimate" senders. You cannot do both.
Some level of SPAM is an unfortunate byproduct of an open net.
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/