Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
Publishing SPF, even offering low levels of "server authorization," is
mistakenly viewed by some as "sender authentication" of the domain.
Publishing SPF provides these recipients with what they believe to be
confirmations, albeit flimsy, that your domain has actually sent the
message. Publishing any SPF record unfortunately exposes your domain to
these widely promoted, but contemptibly false assumptions.
Let's correct the false assumptions then, rather than throwing out
the proposal. Many people believe putting their computer on the net
is OK. When they get viruses, the answer isn't to ban the net, it's
to fix their beliefs.
Not offering this damning confirmation is the only sure means to avoid
being assessed in this manner.
Not giving people tools is the best way to ensure they won't hurt
themselves.
I find it curious that there's opposition to a "harmful" proposal
like SPF, but the "harmful" practice of sending unauthenticated email
from anywhere on the net is called "roaming", and is deemed to be a
requirement of SMTP.
Weird.
All I know is that SPF has harmed me a lot less than "roaming" has.
The endless dribbles of email from clueless people to "postmaster" or
"webmaster" claiming that my domain has spammed them is tiring.
Alan DeKok.