spf-discuss

Re: Extending SPF to IN-ADDR.ARPA space

2004-03-23 22:27:17
Ask Bjørn Hansen <ask(_at_)develooper(_dot_)com> asks:

What would this give them that they don't get from router filters 
already?

One may also ask: Why don't all ISPs block outbound port 25 for consumer
grade IP space?

The problem with router access lists (ACLs) is that they are very 
inefficient and consume router CPU cycles.  Access lists are just not
practical in high bandwidth situations.  In addition, each router has
its own configuration file which must be tested, debugged and
maintained.  Screw up an access list and you have major problems.

Using SPF in this manner would allow policy changes to be made quickly,
easily and with much less pain than changing a router configuration.
Reloading a DNS zone is virtually seamless vs reloading/rebooting a
router which produces a service outage.

In addition, SPF would be much more flexible than an access list which
can only specify raw IP addresses.

One other thing that I forgot to mention in my first post is that using
SPF in the IN-ADDR.ARPA space would also provide SPF for domainless email
addresses of the form: user@[192.168.1.1]

-- 
Bob Poortinga  K9SQL
Technology Service Corp.
Bloomington, Indiana  US