SPF on its own, as currently written will have no medium or long term
impact on spam other than joe-jobs and bounces and bandwidth.
The same is true for the non-open Microsoft and Yahoo derivatives.
That's why I started the "[Asrg] LMAP: RHSBLs better than what we have
now?" thread.
Doug Royer allegedly said:
>Benefit - saves time by allowing automated tools to track spam sources.
><I can write tools that always get contact information given a domain
name, but can't given an IP.
I believe that's false. Both ARIN et. al. info and domain info is
fairly often bogus. Registrars ignore blatantly false info in both,
unless there's been a recent change I'm not aware of.
So I don't believe switching from one to the other is likely to to be a
benefit.
I have personal knowledge that getting a spammers IP contact info or
domain contact info corrected when it's obviously false or nonexistent
is often difficult (i.e. involves more than a single complaint filing
for action to occur.) even when reported properly to the proper authority.
Apropos From: vs Sender: vs HELO vs MAIL FROM -
Harry's argument for From: being an important thing to protect because
it's what the user sees is spot on. I think the folks who just want to
protect HELO or MAIL FROM have failed to explain why From: is not
feasible to protect. Neither bandwidth nor the algorithm the receiving
MTA needs to implement are significant impediments. The amount of work
that needs to be done to make legit sending MTAs all compliant is
what'll vary, and it is far from 0 even for HELO protection. What work
does each entail, exactly? SRS isn't equally applicable...