On Wed, Apr 14, 2004 at 11:57:18AM +1000, Neil Brown wrote:
|
| If SRS ever becomes near-universal, then maybe SPF-fail => reject can
| be implemented without concern, but I don't see that happening very
| quickly. For now, anyone who rejects email simply because SPF
| checking reports Fail is risking losing genuine forwarded mail. This
| is clearly the fault of the system that rejects SPF-fail, not the fault
| of the system which asserts "!all" in their SPF record.
|
Thank you for the excellent summary.
As a practical note, I would like to point out that on the scale of the
ecosystem, relatively few early adopters have implemented SPF so far.
Any early adopters that are experimenting with it shouldn't have too
much trouble putting in things like client IP whitelisting, possibly
even on a per-user basis. And that's enough to do solve the problem
using the "known forwarders" approach.
So we shouldn't worry too much about forwarded mail not getting through
even before SRS. If it turns out to be a problem, well, ... forwarders
need to be aware that even today there are many antispam systems that
already do pseudo-SPF and will silently discard mail from the major
webmail providers if it doesn't look legit enough. To them, SPF is just
a standard way to do what they're already doing.
In other news, I have chatted with James and Shevek, two of the major
leaders of the SRS project; James just started a new job; Shevek's
laptop died recently but the replacement's coming this week. I expect
SRS to make significant progress in the next few weeks.