Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
Those publishing SPF records want their mail to go missing?
Any mail they didn't send.
There is no means to know which recipient may be using a forwarded
account.
Yup. Likewise, there's no way to know who on the net will be
sending spam forged to be "from" your domain.
Forwarding is a common practice within colleges, societies, and many
providers.
As is spamming. As is drunk driving. Having something a "common
practice" doesn't mean it's right.
Validating the legitimacy of an MTA can take place within a single
lookup of a small CSV-CSA record.
Which is a great idea, and has been integrated into SPF.
A single lookup does not increase the risk to DoS attacks, and also
does not create inadvertent loss of mail, as does SPF.
No, "intentional" loss of mail. I intend every single spam which
uses my domain name to be discarded. I would rather have others
discard them than have those people complain to me that I'm spamming
them.
This is not to say SPF is perfect. Other methods do much of what
SPF does, without it's problems.
But as a concept, the domain owner should be able to control the use
of that name. If we can't agree on that, then the only logical
alternative is that third parties can use someones name without their
consent, and therefore forged spam is OK.
Alan DeKok.