spf-discuss
[Top] [All Lists]

RE: Re[5]: Lawsuits, angry business users, and SPF stupidity.

2004-01-13 07:04:50
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Chris 
Drake
Sent: January 13, 2004 8:51 AM
To: Marc Alaia
Subject: Re[5]: [spf-discuss] Lawsuits, angry business users, 
and SPF stupidity.


Thanks for your clearly put overview.  The problem is that 
"you as the domain owner" is an isolated and comparatively 
rare case. Most people sending emails do so using their ISP's 
domain. They do not own the domain. If they choose to use 3rd 
party tools or products, or to send from elsewhere, or to run 
their own outgoing servers, SPF is going to punish them 
(*and* the 3rd party providers - which is *me* - which is why 
I am against SPF)

We've already had a discussion on this list about this issue, and I think
the conclusion that was reached at the time was that SPF assumes:
A) Domain owners ought to be allowed to determine how their domain is used
(for email purposes)
B) All "legitimate" uses of a domain are known to the domain owner - there
is no grey area where mail is sent through other SMTP servers, but ought to
be considered legitimate by the domain owner
C) Domain owners would not use SPF to harm their users/customers 
D) Users caught in the middle of SPF would be able to seek redress (eg: an
SMTP AUTH relay) from the domain owner
E) Anyone who needs their own email-sending policy different from the domain
owner's should be using their own domain
F) Most domain hosting (and by domain hosting, I mean DNS hosting, web
hosting shops, etc) providers will give domain customers the ability to set
their own SPF policy (as opposed to having the hosting provider set up a
boilerplate SPF record requiring the use of the hosting provider's relay or
something)

If you assume those three things, then SPF makes perfect sense as an
antiforgery mechanism. If, however, you believe that that some of the latter
four are inaccurate, then obviously you're going to have a lot more of a
problem with SPF. 

That said, read the archives: this horse has been beaten, killed, and buried
at least a couple of times before.

Vivien

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ëù1Ií-»Fqx(_dot_)com