ietf-mxcomp

Re: DEPLOY: Permitting '-all' to be used immediately represents a flag day.

2004-09-15 07:48:39

On Wed, 2004-09-15 at 09:52 -0400, Kevin Peuhkurinen wrote:
> Add my name to those that disagree with you.   I have "-all" in my SPF
> records because I am confident that all legitimate business related
> emails from my company will be sent from the servers specified in my SPF
> records and none others.

Your confidence is misplaced. As an example -- if you ever send a mail
to the address 'dwmw2(_at_)infradead(_dot_)org', it's likely to get forwarded to
wherever I happen to be reading my mail at the time, such as an email
address at my current place of employment. Neither you nor the sysadmin
at the final destination may have any idea about the arrangement, which
is an established practice and which has worked for decades.

Breaking this so abruptly would constitute a flag day. Your naïveté
is a prime example of why such records should temporarily be prohibited,
until such time as the rest of the world has adjusted.

By immediately allowing the use of '-all' on domains which actually send
mail, we would promote discord and harm interoperability. 

> Otherwise, being in the banking industry, I am much more concerned
> about stopping forgeries than I am about permitting online greeting
> card emails.

Then you should be looking at a scheme which actually offers true
end-to-end verification of identity. You could start by PGP-signing your
output.

-- 
dwmw2
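
The forwarding case described in the message above, as an added example that is not part of the original post: a Python sketch of the ip4/ip6/all subset of SPF evaluation, showing a message that passes at the forwarder and then fails at the final destination because a plain forwarder leaves the envelope sender unchanged. It assumes the check is made against the envelope MAIL FROM domain; all domains, addresses and records are constructed.

```python
import ipaddress

# Constructed records and addresses (documentation ranges); not from the thread.
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "softfail.example": "v=spf1 ip4:192.0.2.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, mail_from):
    """Evaluate the ip4/ip6/all subset of SPF for the MAIL FROM domain."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"


def deliver(path, mail_from):
    """Each hop checks the IP of the host that handed it the message.

    path is a list of (receiving_host, connecting_ip). A plain forwarder
    keeps MAIL FROM unchanged, so the final hop evaluates the original
    sender's record against the forwarder's IP.
    """
    return [(host, check_host(ip, mail_from)) for host, ip in path]


# Sender's own server -> forwarding host -> final mailbox (constructed path).
FORWARDED = [
    ("forwarder.example", "192.0.2.25"),   # sender's listed server connects
    ("employer.example", "198.51.100.7"),  # forwarder connects, same MAIL FROM
]
```

With the `-all` record the second hop returns `fail` for a message the sender's own listed server originated; with `~all` the same hop returns `softfail`.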

