[Top] [All Lists]

Re: SPF I-D for review: draft-schlitt-spf-classic-01.txt

2005-05-25 10:44:13

On Wed, 25 May 2005 11:26:32 -0400, Bruce Lilly <blilly(_at_)erols(_dot_)com> 

Also, the specific
recommendation of -all is at the heart of the fundamental problem that
the mechanism is hostile to mobile users.

I think the whole problem of forging senders' email addresses means that the only effective ways to combat it ARE going to be 'hostile' to mobile users who can't relay through their home mail server - or are going to require message signing using certificates from approved authorities.

Maybe SPF (or something like it) should allow signed messages to 'override' SPF - so mobile users from domains can fall back to message signing, without requiring that overhead for the majority of users who either aren't mobile, or who relay through their home mail server (as we do when we're mobile), so for whom the basic SPF will work effectively.