
Re: [Asrg] Re: Disaster looming: SPF

2004-12-09 12:12:28
On 09/12/04 13:43 +0100, Frank Ellermann wrote:
Matthew Elvey wrote:

SPF is simply a way to enumerate all IPs of
MTAs using HELO do.ma.in or MAIL FROM:<user@do.ma.in>

The drafts claim to do a lot more than that.

The essence is PASS - INCONCLUSIVE - FAIL, and for a given
domain and SMTP dialogue any IP is in exactly one of these
sets.  Yes, the drafts allow to construct per-user-policies
where the LHS can play a role, and there are a lot of more
or less useful subcategories of INCONCLUSIVE like "none",
"unknown", "softfail", "temperror", and "permerror", but
the essence is PASS - INCONCLUSIVE - FAIL.

SPF is marketed as a way to identify and discard junk email.

That's like most marketing beside the point.  I'm very unhappy
if somebody markets SPF as FUSSP, because it's not.  Getting a
PASS is easy, only a PASS in conjunction with white lists makes
sense.  The real power of SPF as stand-alone solution is FAIL.
Spammers can avoid a SPF FAIL.  That's no bug, that's the idea.

How do you define "power user", direct-to-MX maybe ?
No, see comment*.

If your definition of "power user" is "anybody with more than
one address", then my vintage '97 MUA has no problem with SPF:

What about using multiple .forwards or equivalent? Or people using the
bounce feature in mutt?

Devdas Bhagat

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
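
The PASS / INCONCLUSIVE / FAIL split and the .forward question raised in this message can be seen side by side in a small sketch. This is an added example, not code from the thread or from any SPF implementation; it handles only the `ip4`, `ip6` and `all` mechanisms, and the domain `example.org`, the documentation-range addresses, the policy string and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed policy for the placeholder domain example.org (not from the thread).
POLICIES = {"example.org": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"}
# "neutral" is the RFC 7208 name for the "?" qualifier.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, policies=POLICIES):
    """Evaluate the ip4/ip6/all subset of an SPF record for one client IP."""
    record = policies.get(domain, "")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # domain publishes no policy
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"             # outside this sketch's subset
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"             # malformed network
        if net.version != int(name[2]):
            return "permerror"             # e.g. an IPv6 network under ip4
        if addr.version == net.version and addr in net:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched, no "all"

def essence(result):
    """Collapse a detailed result into PASS / INCONCLUSIVE / FAIL."""
    return {"pass": "PASS", "fail": "FAIL"}.get(result, "INCONCLUSIVE")

def smtp_hop(client_ip, mail_from, policies=POLICIES):
    """Result a receiver sees for one SMTP hop, keyed on the MAIL FROM domain."""
    return essence(check_host(client_ip, mail_from.rsplit("@", 1)[1], policies))

if __name__ == "__main__":
    sender = "alice@example.org"
    print("direct from listed MTA:", smtp_hop("192.0.2.10", sender))
    # A .forward relay re-sends with the envelope sender unchanged.
    print("via forwarder:", smtp_hop("203.0.113.7", sender))
```

With the `-all` policy the forwarded hop lands in FAIL because the forwarder's address is not enumerated for the unchanged MAIL FROM domain; with `~all` the same hop would be INCONCLUSIVE.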