On Mon, 2004-12-06 at 13:11 -0500, Alan DeKok wrote:
You're assuming that messages go from source to destination in one
hop. While this is nice, the current design allows a message to
traverse multiple independent hops, all the while using the same "MAIL
FROM". This has a serious impact on the "blowback" problem, and any
possible solution.
I'm not assuming that. I'm saying that SPF doesn't make the problem any
worse than _other_ schemes will, if they cause the ultimate recipient to
reject mail which the {backup MX, relay, forwarder} does not reject.
SPF and SenderID have many flaws. This one isn't specific to SPF and
SenderID.
Yes, but sharing live information about all of your users with a
backup MX is difficult to do in practice.
That may be your experience; it's not mine.
If nothing else, the spammers are offloading some of their work onto
the backup MX, and using it to attack the primary. This attack has
serious consequences for the robustness of the email transport layer.
Even to the extent that's true, it's not specific to SPF.
--
dwmw2