On Thu, Jan 22, 2004 at 12:50:35PM -0500, Meng Weng Wong wrote:
| On Thu, Jan 22, 2004 at 09:49:31AM -0600, wayne wrote:
| |
| | What is the problem with using "exists:%{ir}.query.bondedsender.org" or
| | "-exists:%{ir}.sbl.spamhaus.org"? Why does anything new need to be
| | added to SPF?
|
| Authentication says the mail is really from you.
|
| Accreditation says you're worth getting mail from.
But the real question is who do you believe. If the spammer says "yes, it
really is me, and I'm really a good guy", do you believe him?
If the spammer admits the connection is coming from him (SPF can help this
determination), that's authentication. But even with that, do you still
trust "... and I'm really a good guy"? If the SPF (or other) records that
come from the spammer himself accredit him (such as with the DMA), do we
accept that? I know I won't.
I think the Accreditation model itself needs some work. Self-accreditation
is not appropriate. Self-referenced-accreditation isn't any better. Yet it
seems that's exactly what some big corporations propose.
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡