ietf-smtp

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-11-30 06:05:57

In message <1448858775386-ceecd236-8b11ac04-a03b4438(_at_)fugue(_dot_)com>, Ted
Lemon <mellon(_at_)fugue(_dot_)com> writes

> Do you seriously think that Google has special-case header parsing to deal with
> spam from Cornell students' infected computers? No, they just use machine
> learning.

... and one of the things that the ML will be processing will be the
(tokenised contents of the) header fields... so having a pattern (of any
kind) within the header fields has the potential to be extremely helpful
in distinguishing good from bad

> SPF allows me to discard all messages that claim to be from domain X but come
> from IP addresses not listed for domain X, which means that I never have to
> write a Received: header for that message.

It rather escapes me how one of your users will be able to determine
whether you received the email from a domain which had SPF at the time
at which you received it unless you record that information along with
the email (or do you think that DNS results are constant for all time?)

If you're relaying the email on to somewhere else then you're assuming
that there's a mechanism by which your policy regarding SPF becomes
known to those other people.

I'm unaware of such a mechanism existing at the moment -- and (this
might be relevant to charters, albeit I really don't think that there's
any real mileage in this topic at all) that although we have a scheme
for originators of email to publish policy recommendations about the
handling of email from their domains we don't have a similar policy for
relaying machines (and absent a Received header field it's unclear to me
what indicator we'd use to look up what that policy was).

> If there is no SPF for the domain
> that sent the message, I would like to just discard it as spam, but that's not
> safe to do because so many small sites don't implement SPF or get it wrong.
> But in any case where there is no SPF record, the site is definitely not
> trustworthy:

that's a shame, I consider myself very trustworthy and I've never
bothered with SPF :-(

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

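Added example, not part of the message above: the reply's point that an SPF outcome is only knowable later if it was recorded with the email, shown by reading the verdict a receiving MTA stamped into an Authentication-Results field (RFC 8601) instead of re-querying DNS. The sample message, hostnames and the `trusted_authserv_id` parameter are assumptions made for illustration.

```python
import email
import re
from email import policy

# Constructed sample: all hostnames and the authserv-id are made up.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=sender.example
Authentication-Results: forged.invalid; spf=pass smtp.mailfrom=sender.example
From: alice@sender.example
Subject: constructed sample

body
"""

SPF_RESULTS = {"pass", "fail", "softfail", "neutral", "none",
               "temperror", "permerror"}


def recorded_spf(raw, trusted_authserv_id):
    """Return (result, mailfrom_domain) pairs recorded at receipt time.

    Only fields stamped by our own border MTA (trusted_authserv_id) are
    used; a field carrying any other authserv-id may have been supplied
    by the sender and says nothing about what we observed.
    Simplified parser: comments inside the field are not handled.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    verdicts = []
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = str(value).partition(";")
        parts = authserv_id.split()  # an optional version may follow the id
        if not parts or parts[0].lower() != trusted_authserv_id.lower():
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*spf\s*=\s*(\w+)", clause)
            if m and m.group(1).lower() in SPF_RESULTS:
                dom = re.search(r"smtp\.mailfrom\s*=\s*(\S+)", clause)
                verdicts.append((m.group(1).lower(),
                                 dom.group(1) if dom else None))
    return verdicts


if __name__ == "__main__":
    print(recorded_spf(SAMPLE, "mx.example.net"))
```

The second field in the sample claims `spf=pass` under a different authserv-id and is ignored, which is why the recorded verdict is only useful when the reader knows which host wrote it.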
