Dean Anderson <dean(_at_)av8(_dot_)com> wrote:
RMX didn't do any of these things, but just created different "hoops" that
the abusers could jump through,
.. to send mail from domains that they legitimately have access to.
This isn't news.
which creating significant impediments for legitimate email
outsourcing.
Which is why great care must be taken in its design and implementation.
With the preceding in mind, how does SPF prevent a virus-infected,
hijacked computer from sending abuse email?
It doesn't. It DOES, however, make them accountable to either the
domain used by the owner of the infected machine, or by a throw-away
spammer domain.
IMHO, MARID (RMX, etc) is about closing a hole in SMTP, which says
"messages MUST be accepted for delivery or bounced", but it makes no
provisions for ensuring that the message CAN be bounced. One
intention behind all of these related ideas is to provably have an
accountable entity which will accept responsibility for messages,
including bounces.
Alan DeKok.