That's the point -- it's a hop-by-hop scheme. It's _all_
about how much
you trust the one mail server which is sending you mail.
Where before we
had IP-based blacklists, now there are domain-based
blacklists, without
which SPF/SenderID is largely not useful.
I would live with domain based blacklisting. It's easier to manage currently
than IP based blacklisting, until reputation services start to take hold or
other measures could apply to domains - named entities - instead of numbers.
I'm more interested in knowing that example.com is accountable for mail sent
in its name. I can deal with whether example.com is worthy or not later.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>