On Thu, Jan 22, 2004 at 11:58:00AM -0500, Jameel Akari wrote:
| On Thu, 22 Jan 2004, Marc Alaia wrote:
|
| > Does anybody know if they are checking inbound messages?
|
| I don't think they are. Somebody joe-jobbed my domain sometime last week,
| and all the bounces I get back to my postmaster address are from AOL. I
| have valid spf records.. if they were checking them inbound, they would
| have rejected the joe-jobbed messages.
|
| I really wish that they had been.
There are a couple of reasons for the delay.
- If forwarding services like pobox.com did not exist, and
- If "email me this news article" sites didn't forge return-path, and
- If every user at every domain dialed home to their SMTP server,
then everybody would publish -all and everybody would check SPF inbound.
But right now everybody's waiting for the 1% of legitimate people to
adapt, and then the 99% of everybody else can benefit. You don't want
to block legitimate messages because that really, really upsets
end-users.
It's an issue of friction. That's why there's a need for a huge
educational effort. We can try to do this at the grassroots level, but
it would help tremendously to get the big players involved, because they
have deep pockets. For instance, it would really help to translate the
"what is SPF? how to do SPF?" documents into many languages, to
education domain owners who don't speak English. This is hard to do.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡