I thought SPF was supposed to be platform-agnostic but your
comment here seems
to be informed by a very PC-centric single-user-model view.
I never gave end users access to servers of any kind when I ran
UNIX systems.
I don't think we need to go to the process level. In the first place
I don't think it can be enforced. You are proposing to use an
untrustworthy unauthenticated service for this information.
Secondly if someone is on a machine licensed to send from example.com
then that is good enough. Trying to go beyond that is too much.
There are Windows versions here:
http://identd.dyndns.org/identd/
http://sourceforge.net/projects/identd/
And how likely are they to be secure?
Just because UNIX is the most commonly used mutli-user system
and hence the
most common identd user is no reason to say it is UNIX-specific.
I would turn intd off on a unix box as well, far too much
info for hckers.
Is ident likely to make it through a firewall? This is the
type of service I
would turn off both incomming and outgoing.
It depends on how you configure the firewall, which in turn
depends on what
you want. Like whether or not you wish to support ident.
The client queries will almost certainly break because most
companies will not allow inetd queries.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡