Frank Ellermann wrote:
Jim Fenton wrote:
We need to make every effort to make everyone know that publishing
'all' or (particularly) 'strict' is not something that is done
lightly.
+1
It is similar for publishing PRA FAIL and SPF FAIL, so you are
not forced to start this education from scratch. In a nutshell
policies allowing efficient identification of *suspicious* mails
will cut both ways, and limit some uses possible without such
policies.
Unfortunately, I see efforts to encourage publication of SPF/SenderID
-all records without explaining all the implications of that so the
"education" being done there may not exactly be helpful.
I know of tools that are under development to help domain owners
know from where mail from their domains is being sent, and
hopefully this will raise awareness too.
It's possible to use the SPF and PRA "exists" mechanism to figure
this out, but for SSP with its "first author" you'd miss exactly
the interesting cases (for SSP) if you log Mail From or PRA uses.
I'm not sure I understand exactly what you're getting at, but if you
mean that the definition of author/responsible/From domain is different
in SPF, PRA, and SSP, that's true, and if the tool doesn't take that
into account, it might miss some interesting cases.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html