
Re: DEPLOY: Permitting '-all' to be used immediately represents a flag day.

2004-09-15 10:11:23
David Woodhouse wrote:

> On Wed, 2004-09-15 at 09:52 -0400, Kevin Peuhkurinen wrote:
>> Add my name to those that disagree with you. I have "-all" in my SPF records because I am confident that all legitimate business-related emails from my company will be sent from the servers specified in my SPF records and none others.
>
> Your confidence is misplaced. As an example -- if you ever send a mail
> to the address 'dwmw2@infradead.org', it's likely to get forwarded to
> wherever I happen to be reading my mail at the time, such as an email
> address at my current place of employment. Neither you nor the sysadmin
> at the final destination may have any idea about the arrangement, which
> is an established practice and which has worked for decades.
>
> Breaking this so abruptly would constitute a flag day. Your naïveté
> is a prime example of why such records should temporarily be prohibited,
> until such time as the rest of the world has adjusted.
>
> By immediately allowing the use of '-all' on domains which actually send
> mail, we would promote discord and harm interoperability.

To be brutally honest, unless you are an executive or member of our board of directors or an extremely important customer, I just don't care that much from a business perspective if you don't get my email. I'm not trying to put down your perspective any more than you are mine, but looking at it from a purely business rather than a techie point of view, it's just not my concern that you want to forward your mail AND have your end receiver do SPF checks as well. I'm just telling the world which servers are authorized to send email on behalf of my domains. It's your receiver that's dropping the email, and if you are unhappy about not getting your mail, you should take it up with them.

Now, if you could convince me that a large portion of our business contacts would have trouble with this, then I'd reconsider.

>> Otherwise, being in the banking industry, I am much more concerned
>> about stopping forgeries than I am about permitting online greeting
>> card emails.
>
> Then you should be looking at a scheme which actually offers true
> end-to-end verification of identity. You could start by PGP-signing your
> output.

PGP signing my output would do next to nothing to stop phishing-style forgeries.

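The forwarding case the two posters are arguing about, as an added worked example (this is not code from the thread or from either poster): a minimal SPF evaluator that handles only ip4:/ip6: mechanisms and the "all" qualifier, run over constructed records. It checks the same message twice, once delivered directly from the sender's own server and once relayed by a plain .forward-style forwarder that keeps the original envelope sender, and also shows what "-all" does catch (a forged MAIL FROM from an unrelated host) and what "~all" changes. The domain names, record contents and IP addresses (RFC 5737 / RFC 3849 documentation ranges) are assumptions made for the illustration; there are no DNS lookups.

```python
"""Minimal SPF evaluator: ip4:/ip6: mechanisms and the "all" qualifier only.

Added example, not code from the ietf-mxcomp thread. Records and addresses
below are constructed for illustration (RFC 5737 / RFC 3849 documentation
ranges); the ZONE dict stands in for DNS TXT lookups so this runs offline.
"""
import ipaddress

# Constructed records: a strict "-all" publisher and a "~all" publisher.
ZONE = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "lenient.example": "v=spf1 ip4:192.0.2.0/24 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, mail_from_domain, zone=ZONE):
    """SPF result for a connection from client_ip whose MAIL FROM is in
    mail_from_domain. Only ip4:, ip6: and all are implemented; anything that
    would need DNS (a, mx, include, ...) yields permerror instead of being
    silently skipped, so a result of pass/fail is always meaningful."""
    record = zone.get(mail_from_domain)
    if record is None:
        return "none"
    terms = record.split()
    if terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # mechanisms without an explicit qualifier mean pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        return "permerror"
    return "neutral"  # record exhausted without an "all" term


def deliver_direct(sender_ip, sender_domain):
    """Sender's own MTA connects to the recipient's MX: SPF sees the sender's IP."""
    return check_host(sender_ip, sender_domain)


def deliver_via_forwarder(sender_ip, sender_domain, forwarder_ip):
    """Plain forwarding (.forward / alias): the forwarder re-sends the message
    with the ORIGINAL envelope sender unchanged, so the final MX evaluates the
    original domain's record against the forwarder's IP. Returns the result
    seen at the forwarder and the result seen at the final destination."""
    first_hop = check_host(sender_ip, sender_domain)
    final_hop = check_host(forwarder_ip, sender_domain)
    return first_hop, final_hop


if __name__ == "__main__":
    # Legitimate mail from the bank's own server, delivered directly.
    print("direct:", deliver_direct("192.0.2.10", "bank.example"))
    # The same message forwarded by a third-party mailbox host (198.51.100.5),
    # which is not in bank.example's record.
    print("forwarded:", deliver_via_forwarder("192.0.2.10", "bank.example",
                                              "198.51.100.5"))
    # A forged MAIL FROM @bank.example sent from an unrelated host.
    print("forged:", deliver_direct("203.0.113.7", "bank.example"))
    # Same forwarding path for a domain that publishes ~all instead of -all.
    print("forwarded, ~all:", deliver_via_forwarder("192.0.2.10",
                                                    "lenient.example",
                                                    "198.51.100.5"))
```

The forwarded copy fails for exactly the reason the thread describes: the record is correct about the bank's servers, but the final receiver is checking it against an address the bank never authorised, and with "-all" that is a hard fail rather than the softfail that "~all" would give.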