On Thu, Mar 25, 2004 at 01:59:11PM +0000, Brian Candler wrote:
Implementing SPF breaks perfectly valid and established practices, such as
mail forwarding, and risks losing legitimate bounces.
I have to disagree with you here. Forwarding without modifying the envelope
sender may be an established practice, but I don't believe it's valid. It
may have been once, but I'm not even convinced of that (perhaps it was valid
in the same way that adding a "FIXME:" comment in your code when you notice
a possible buffer overflow is valid)...
For justification, I'd just point out that a message forwarded in that way
is logically identical to a forgery.
If you change E-mail in such a way that legitimate messages are lost, then
you are introducing another problem of the same order of magnitude as spam.
This is only going to be worth doing if it is a *strong* solution to the
problem, i.e. the final benefit will outweigh the cost, and (IMO) SPF is not
a strong solution.
Again, I think you're missing something here. SPF will enable valid mail which
is currently being silently bounced to be either accepted completely, or
alternatively rejected in such a way that the sender will be notified.
If you publish SPF and then send me a mail that otherwise looks "spammy",
that mail is either going to be accepted or bounced. Currently, it may well
end up being silently dropped.
I was going to answer some of the other points too, but I think most have
been more than adequately covered previously. And Brian's not going to be
listening anyway...
Cheers,
Nick