Matthew Elvey wrote:
SPF breaks MUCH MORE than is necessary to achive sender
authorization and authentication.
That's not true. SPF is simply a way to enumerate all IPs of
MTAs using HELO do.ma.in or MAIL FROM:<user(_at_)do(_dot_)ma(_dot_)in> while
talking to (one of) the MX of the receiver. You can check it
there, or forget it, but don't try to check it behind your MX.
A bigger problem is the ISP end-user support nightmare
looming around the corner: the reconfiguration of every power
user's MUA, since SPF breaks their current configuration.
How do you define "power user", direct-to-MX maybe ? In that
case he has his own (e.g. DynDNS) domain with his own sender
policy. Or without a sender policy but still his own domain.
(And he has an MX with a static IP, but that's another story).
It's not going to happen.
Just watch while it's happening, worms and spammers daily forge
addresses of innocent bystanders, and everybody hit by the side
effects of these forgeries is an SPF addict within hours. Bye.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg