spf-discuss

Re: Performance issues

2004-02-17 20:11:00
On Tue, Feb 17, 2004 at 10:06:56PM -0500, Theo Schlossnagle wrote:
| SPF on the other hand would work like this:
| 
|   If the person tries to send mail from @mail.com from that same IP we 
| do a single lookup:
|   mail.com TXT: v=spf1 ip4:.... ip4:... ~all
|   This is one lookup every 8 hours (that record has a 28800 second TTL)
|   Assuming that you reject message on a soft-fail (~), you can toss the 
| connection out here.

Hey!  Don't do that!  :)

"fail" means reject, "softfail" means score as spam, save to spam
folder, etc.

Domain owners need to be able to transition from "neutral" through
"softfail" to "fail" at their discretion, and we should respect their
wishes.

| So, my logic is as follows.  There are more sending IPs than common 
| sending domains (at least into my system).  The mail.com record gives 
| me the chance to reject emails sent "from" mail.com from an IP address 
| based solely on my cached mail.com TXT record.  I think that SPF 
| records are broad and sweeping in the fraud they can prevent while DNS 
| RBL is about articulately defining abusers.

Yes, SPF's about authentication, DNSBLs are about reputation.

