On 09/12/04 13:43 +0100, Frank Ellermann wrote:
Matthew Elvey wrote:
SPF is simply a way to enumerate all IPs of
MTAs using HELO do.ma.in or MAIL FROM:<user(_at_)do(_dot_)ma(_dot_)in>
The drafts claim to do a lot more than that.
The essence is PASS - INCONCLUSIVE - FAIL, and for a given
domain and SMTP dialogue any IP is in exactly one of these
sets. Yes, the drafts allow to construct per-user-policies
where the LHS can play a role, and there are a lot of more
or less useful subcategries of INCONCLUSIVE like "none",
"unknown", "softfail", "temperror", and "permerror", but
the essence is PASS - INCONCLUSIVE - FAIL.
SPF is marketed as a way to identify and discard junk email.
That's like most marketing beside the point. I'm very unhappy
if somebody markets SPF as FUSSP, because it's not. Getting a
PASS is easy, only a PASS in cojunction with white lists makes
sense. The real power of SPF as stand-alone solution is FAIL.
Spammers can avoid a SPF FAIL. That's no bug, that's the idea.
How do you define "power user", direct-to-MX maybe ?
No, see comment*.
If your definition of "power user" is "anybody with more than
one address", then my vintage '97 MUA has no problem with SPF:
What about using multiple .forwards or equivalent? Or people using the
bounce feature in mutt?
Devdas Bhagat
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg