<snip>
On Thu, 9 Sep 2004, Hallam-Baker, Phillip wrote:
Looks to me as if you can still deploy an SPF record that
says that A,
B & C are authentic university of Cambridge mail servers.
What you are
saying you cannot do is to add a final -all to exclude the
universe of
all other mail servers.
That's pretty worthless. What we need is a method of
identifying forgeries, not a method of identifying legitimate email.
<snip>
The glass is half full.
1) When SPF is deployed and used the line between forgeries and
legitimate will be much sharper.
2) In the corporate world, I am actually going to be able to deploy SPF
based on the argument that my MAIL FROM: will not be able to be forged.
3) Which in turn makes all MY email legitimate. This means if anyone
sends with my domain from a source outside of my defined range, you can
identify as a forgery. (I am going to start talking in circles, so I am
going to stop here)
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
ROCKALL: EAST 4 OR 5 BECOMING CYCLONIC, THEN NORTHWEST 5 TO
7, PERHAPS GALE 8 LATER. RAIN LATER. MODERATE OR GOOD.
Regards,
Damon Sauer
*****
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential, proprietary, and/or privileged
material. Any review, retransmission, dissemination or other use of, or taking
of any action in reliance upon, this information by persons or entities other
than the intended recipient is prohibited. If you received this in error,
please contact the sender and delete the material from all computers. 113