On Mon, 2004-09-13 at 23:40, Stephane Bortzmeyer wrote:
On Thu, Sep 09, 2004 at 06:48:03PM +0100,
Jonathan de Boyne Pollard <J(_dot_)deBoynePollard(_at_)Tesco(_dot_)NET>
wrote
a message of 28 lines which said:
Does this "we" include those who are, right now, educating people with
the following?
spf.pobox.com contains many marketing promises that
are... careless. (Some people could say "dishonest".) They also keep
pretending that there are "RFCs" about SPF. webmaster(_at_)pobox(_dot_)com
never
replies on such matters.
Nevertheless, here, in the MARID working group, we can say the truth
:-) SPF (or SenderID) does not assert anything about the spaminess of
the message but about its authenticity (a spam can be authentic).
SPF or Sender-ID validates the MTA as authorized to send messages on
behalf of the mailbox domain. Neither of these mechanisms authenticate
the message as originating from the specific mailbox domain. That
assumption of authentication will lead to grievous errors.
-Doug