This proposal seems to entail a lot of complexity and work for a result
that is admittedly not 100% effective and will also inconvenience many
end users. There's a much simpler way to verify senders: S/MIME or GPG
signatures. Either or both schemes are already implemented on many
mailers, though they aren't used much. Why not just put your collective
weight behind getting them used?
Because SPF has the potential to stop the spam from being sent on our network
in the first place - all the other schemes you mention entail receiving the
message
before making a decision - from a sysadmin's point of view the damage has
already been done, the bandwidth has been consumed, the cpu cycles spent.
I'm new here too, but I've spent a long time wrestling with MTA methods such as
RBL and being authoritative about recipient addreses, I think adding SPF to the
mix will help cut out a lot of un-returnable spam, and help with viruses that
spoof addresses.
Even if we get just hotmail and yahoo to add SPF records to their DNS it will
be worth it.
With message signatures, no kludgey changes to the DNS or to mail
servers are required. All the work can be done at the end points, and
the choice whether to accept or ignore a certain message is under
recipient control where it belongs.
We're already doing 'kludgy changes to DNS' like MX records, whats a few more
TXT records?
And I can continue to send my email
direct to its recipients from any IP address I happen to be visiting.
With SMTP Auth set up on your 'home' gateway you should be able to send from
anywhere on the Internet via the home gateway, and your emails will look more
authentic having come from the right IP.
-PeterV.
Phil
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡