spf-discuss

Re: Attacking the throwaway-domain problem

2003-10-14 20:16:57
In <20031014222512(_dot_)GB3619(_at_)arbat(_dot_)com> Erik Corry 
<erik(_at_)arbat(_dot_)com> writes:

> What SPF does is hijack DNS and use it as a sort of poor man's
> verified identity on the net.  It's the same service that
> sellers of SSL certificates perform, but we are doing it
> on the cheap (and likely not as well).

No, SPF does not verify an identity (authentication), it verifies
whether a given IP address is approved for use by a given domain
(authorization).  These are two different things.

SPF alone can not solve the problem of a spammer who owns a domain
saying "I approve of <many bad IP addresses> sending email with my
domain name".  What SPF can do is give legitimate domain owners a
certain level of protection from being abused by spammers.


*IF* SPF (or a similar system) becomes widespread, that opens up a new
option for judging the reputation for a domain, much like the IP
address is currently judged.  This kind of reputation publication can
*AND SHOULD* be done in many different ways.  There can be RHSBLs,
RHSWLs, things similar to Habeas, things like bondedsender, etc.

Having registrars do detailed checking of who registers a domain is
certainly an option, but I suspect it will be either far too costly,
or far too easy to fudge.



-wayne
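
The distinction drawn in the message above, as an added example that is not part of the original post: a receiver-side sketch in which the SPF result answers only "is this IP authorized by the domain?" and a separate domain blocklist answers "is the domain reputable?". The domains, the documentation-range addresses and the RHSBL contents are constructed, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample data: example domains and documentation-range addresses.
SPF_RECORDS = {
    "legit.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "throwaway.example": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.0/24 -all",
}
RHSBL = {"throwaway.example"}  # hypothetical right-hand-side blocklist

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_authorize(domain, client_ip, records=SPF_RECORDS):
    """Authorization only: does the domain's record approve client_ip?"""
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no usable record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Mechanisms that need DNS lookups (a, mx, include, ...) are skipped.
    return "neutral"

def receiver_verdict(domain, client_ip, rhsbl=RHSBL):
    """Combine the authorization result with a separate reputation source."""
    spf = spf_authorize(domain, client_ip)
    if spf == "fail":
        return "reject: IP not authorized by domain"
    if spf == "pass" and domain in rhsbl:
        return "reject: authorized IP, but domain has bad reputation"
    if spf == "pass":
        return "accept: authorized IP, domain not listed"
    return "defer to other checks"

if __name__ == "__main__":
    for dom, ip in [("legit.example", "192.0.2.5"),
                    ("legit.example", "192.0.2.200"),
                    ("throwaway.example", "203.0.113.77")]:
        print(dom, ip, spf_authorize(dom, ip), "->", receiver_verdict(dom, ip))
```

The third case is the throwaway-domain problem in miniature: SPF returns `pass` because the owner approved the address, and only the reputation lookup turns that into a rejection.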

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/