--On 21 January 2009 01:04:27 +0000 John Levine <johnl(_at_)taugh(_dot_)com>
wrote:
Don't hold your breath. SPF is dead -- and good riddance, it was a very
stupid idea --
So dead that of hotmail.com, gmail.com, mac.com, apple.com,
microsoft.com, facebook.com, ebay.com only er..., all of them publish
SPF records.
For largely political reasons, Hotmail requires anyone sending a
significant amount of mail to them to have Sender-ID records.
For senders that are on its whitelist, AOL reverse engineers the IP
addresses to whitelist from the sender's SPF records, which is way
easier all around than the former mostly manual system.
Since S-ID falls back to SPF records, most senders just publish one set of
SPF records for both. Note that neither of these are using SPF for its
nominal purpose; I'm not aware of any large system that does.
They're using it for whitelisting purposes instead of its nominal purpose?
That's exactly what I'm discussing. I think SPF has a bad reputation in
some quarters because people think of how it breaks forwarding (etc).
That's a shame, because it has huge potential when it comes to
whitelisting, and therefore reducing false positives in filtering.
Heck, a career change isn't the same thing as death!
R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
x3148
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg