Dean Anderson <dean(_at_)av8(_dot_)com> wrote:
I don't see how reputation has anything to do with SPF. The domain owner
simply puts in an SPF txt record. Entities of bad reputation can easily
create SPF records.
When MTA authentication is used *correctly* in conjunction with
anti-spam systems, publishing those records doesn't help "entitites of
bad reputation".
Publishing the records allows any recipient to know when originators
are non-authentic. So if spammer A decides to forge the domain of
spammer B, and spammer B publishes authentication records, you can
catch that forgery. But it doesn't, and shouldn't, help a spammer
send messages from their own domain.
The authentication and accountability aspects of SPF are illusory and are
not achievable in the SPF proposal as it stands, nor can DNS be used to
achieve these goals. This subject has been discussed at length on the
DNSOP and DNSEXT lists, and it is generally agreed that DNS cannot be the
basis of authentication.
MX records say "this is the authentic place to send mail for the domain".
RMX records say "this is the authentic place mail comes from for the domain".
I don't see why the records are drastically different in scope.
Alan DeKok.