On December 08, 2004 5:18 AM +00 "Dean Anderson" sent:
Err, no. SPF does make the blowback problem much worse. Other schemes
create a few percent blowback. SPF enables 100% blowback. Thats much
worse.
I hesitate to (re-)enter this thread, and, once again, I'm trying to be fair and
understand the substantive basis for concerns..
It has been argued in SPF circles, that if you receive a message which the
(purported) sender's policy declares to be a hard failure (-), the message is
_proven_ to be a forgery, an unauthorised re-transmission, or whatever.
Since the purported sender has repudiated the message, the argument goes, the
original SMTP 'contract' to "deliver or bounce" is null-and-void, since whoever
actually injected the message did so without the authority of the domain they
cited. Therefore it is acceptable to 'silently discard' such messages, and not
send bounces.
Do you have any sympathy with that reasoning, and would it change your view
about 100% blowback?
Or is there some other mechanism within SPF which accounts for your '100%
blowback' concern?
Chris Haynes