Agreed, spoofing from mutliple sites will continue to be a problem.
However, we see SPF as a rebranded RMX test, which will still be spoofable and
inadequate to stop the problem. Moreover, much in the same way that RMX could
have been a suitable measure against the problem, the difficulty of
implementation, lack of user configuration, the fact that the information
ispublicly available via specialized DNS queries, and poor adoption will
present the same problems for SPF.
bill
---------- Original Message ----------------------------------
From: Douglas Otis <dotis(_at_)mail-abuse(_dot_)org>
Date: Tue, 20 Apr 2004 17:47:18 -0700
On Tue, 2004-04-20 at 17:12, Bill Mcinnis wrote:
<snip>
You're absolutely right that a spoofing system could slam a receiving
system with illegitimate emails, but that could happen in any embodiment.
Consider spoofing not from a single system, but tens of thousands of
systems. This is the problem as it exists today. There are methods for
providing individual mail validation but this is not part of the
charter. I see SPF as a possible solution, whereas your proposal fails
to address the basic issue.
-Doug