On October 19, 2004 at 17:14, ddewey(_at_)cyberthugs(_dot_)com wrote:
AOL is not (yet) blocking based on SPF alone, although it is one of the
criteria they use. I spoke to someone at the office of the postmaster at
AOL. The domain whitelisting is much more important in getting mail through
to AOL than SPF is at this moment, although that will change. As was said,
though, SPF is easy enough to implement espescially if you control your own
dns so you might as well get it done.
AOL has been whitelisting domains for awhile, and it even does special
arrangments with bulk commercial mailers to created a specific set of
dedicated SMTP connections that they send mail through.
SPF has momentum because it has backing of major (ISP) players in the
industry. It is debatable on how effective it will be in dealing with
the spam problem (see the IETF ASRG mailing list for some discussion on
it). Completely blocking of email from domains that do not have SPF
records cannot be done yet until wide-spread adoption is obtained. Email
is still the "killer app" of the Net, so ISPs are concerned about
blocking too much mail that may upset its users.
Yahoo's Domain Keys is an alternative-complementary proposal, but has
some major technical problems with the initial draft they proposed.
However, such problems are solvable. I think if DK is cleaned-up, it
can be very useful and allows for trusted-third-party models.
Sometime in the near future, you will probably see stamped email.
I have some direct personal knowledge of one effort in the development
of a stamped email system (since I wrote the main technical document
for it). IMO, I think stamped email (with the proper business model)
has a market among ISPs and big bulk commercial emailers, but stamped
email has scalability problems to individual people (i.e. P2P), with
such problems not just be technical, but socio-economical.
I am no longer involved with the development of the system, so I do not
know what the final product will look like or how well it will work.
The stamping and verification process is fairly straight-forward to
implement (taking extreme care with the security aspects), so the real
determining factors are the purchasing and financial models that are
used and the costs associated with supporting such models.
AOL's 'postmaster' support people are surprisingly helpful and cooperative,
and actually follow up to make sure things work. Maybe that shouldn't be
surprising, but it wasn't my expectation prior to calling them.
That is new. In the past, especially with the past issue of AOL
users having problems with MIME messages, AOL support sucked, with
the Net community bearing the brunt of AOL users seeking help (including
me receiving personal email from AOL users asking for help about MIME).