On 1/24/11 6:14 PM, Dotzero wrote:
Mike,
>
> An SPF failure can not be trusted to be an indicator of spam. DKIM signing
> is almost never assured, especially when handled by third-party services.
> As such, these mechanisms failing alone or together still do not offer a
> safe basis for rejection. Of course both passing means nothing as well.
Doug, there are plenty of people with real world operational
experience that would disagree with you. You state that failing means
nothing and passing means nothing. If that is true, why are there a
significant number of implementers using this approach successfully?
Defeating spam requires the reputation of SMTP clients be weighed for
rejection or acceptance! SPF failures say little about an SMTP client.
DKIM failures also say little about the SMTP client because either
mechanism MUST be allowed to fail to retain email delivery integrity.
When failure of SPF or DKIM offers scant basis for judging an SMTP
client, they are useless as a mitigation tool. Ipso facto, their
passing therefore provides little meaning as well, since mitigation must
be based upon reliable mechanisms. Overlapping results must be
considered a mere distraction from what is needed to mitigate spam. In
rare cases, DKIM may play a role in preventing spoofing, but this can
not be considered a significant component of spam mitigation.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg