On 10/21/11 10:19 AM, David Romerstein wrote:
> On 10/21/2011 1:07 PM, Steve Atkins wrote:
>> The bigger issue is that you shouldn't care about SPF failing. An SPF pass
>> provides somewhat useful data, an SPF fail means absolutely nothing.
>
> That is not ENTIRELY true. Under the proper circumstances, an SPF
> failure should indicate that NDRs should not be sent to the purported
> 'Reply-To' or 'Return-Path' addresses.
>
> But, yes, in an "is this spam or not" sense, SPF fail means nothing.

The same problem may occur when traversing a carrier's LSN. In which
case, dropping NDRs and not accepting messages will negatively impact
email integrity. With a high level of shared MTAs, an SPF pass or fail
should also be considered equally untrustworthy thanks to the efforts by
malefactors.
There is an ongoing effort to combine SPF and DKIM to establish
reputation. DKIM excludes who sent the message and the intended recipient.
Will that mean DKIM signatures and SPF authorizations must be by the same
domain? Either scheme may induce an inordinately large number of
transactions. Soon only the services of white-listed large providers
will be a way out of this morass.
-Doug
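
The NDR point raised in the quoted text above, as an added example that is not part of any poster's message: a bounce decision keyed on the `Received-SPF` result (RFC 7208) and the Return-Path. The function names, the sample messages, and the choice to suppress only on a hard `fail` are assumptions of this sketch, and it presumes the `Received-SPF` header was stamped by your own receiving MTA.

```python
import email
import re

# SPF result keywords from RFC 7208, matched at the start of the header value.
SPF_RESULT = re.compile(
    r"^\s*(pass|fail|softfail|neutral|none|temperror|permerror)\b", re.I)

def spf_result(msg):
    """Result from the topmost Received-SPF header, or 'none' if absent/unparsable."""
    header = msg.get("Received-SPF")  # get() returns the first (topmost) occurrence
    m = SPF_RESULT.match(header) if header else None
    return m.group(1).lower() if m else "none"

def ndr_action(raw_message):
    """Return 'no-ndr' or 'send-ndr' for a message that turned out undeliverable."""
    msg = email.message_from_string(raw_message)
    return_path = (msg.get("Return-Path") or "").strip()
    if return_path in ("", "<>"):
        return "no-ndr"    # null reverse-path: bounces are never bounced (RFC 5321)
    if spf_result(msg) == "fail":
        return "no-ndr"    # Return-Path domain disowns this client: avoid backscatter
    return "send-ndr"      # assumption: softfail/neutral/none still get an NDR

# Constructed sample messages; domains and IPs are documentation values.
def _sample(return_path, spf_line):
    lines = ["Return-Path: " + return_path]
    if spf_line:
        lines.append("Received-SPF: " + spf_line)
    lines += ["Subject: test", "", "body", ""]
    return "\n".join(lines)

FORGED = _sample("<user@example.org>",
                 "fail (example.org: 192.0.2.10 not permitted) client-ip=192.0.2.10;")
LEGIT = _sample("<user@example.org>",
                "pass (example.org: 198.51.100.7 permitted) client-ip=198.51.100.7;")
SOFT = _sample("<user@example.org>",
               "softfail (example.org: transitioning) client-ip=192.0.2.10;")
NULL_SENDER = _sample("<>", None)

if __name__ == "__main__":
    for name, raw in [("forged", FORGED), ("legit", LEGIT),
                      ("softfail", SOFT), ("null sender", NULL_SENDER)]:
        print(name, "->", ndr_action(raw))
```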