In <407C45E2(_dot_)3030908(_at_)smxy(_dot_)org> "Shaun T. Erickson"
<ste(_at_)smxy(_dot_)org> writes:
David Woodhouse wrote:
On Tue, 2004-04-13 at 14:14 -0400, Shaun T. Erickson wrote:
However, I'm seriously considering scrapping it. This is because my
system forwards mail for some clients, which means I need to
impliment SRS.
You also need the rest of the world to implement SRS, not just
yourself.
This is misleading. The rest of the world does not need to implement
SRS in order to protect the email you forward.
The only thing I can read from that, given that the rest of the world
has *not* implimented SRS, is that SPF is not ready for prime time
yet, as it breaks forwarding and there is nothing in place to fix
that, that anyone is ready/willing to impliment.
It would seem that perhaps I shouldn't use it, until it is a complete
solution. It looks very promising, but I can't use something that
breaks valid email. :-/
For better or worse, it makes no difference to the people you forward
email for if you publish SPF records and/or check SPF records. People
you forward email for will still have problems if the destination
domain checks for SPF records.
I'm sure that David Woodhouse will say that this is for the worse, but
the fact of the matter is that there are already mail admins that are
doing SPF-like checks on an ad-hoc basis. SPF just accelerates this
trend and there is no indication that this trend is slowing down.
So, whether you choose to do anything with SPF or not, you will likely
need to do something like SRS anyway. As Meng points out, this is an
area that needs more work done ASAP.
-wayne