spf-discuss
[Top] [All Lists]

Re: list of who's checking SPF

2004-04-16 11:52:27
On Fri, 2004-04-16 at 11:51, Meng Weng Wong wrote:
On Thu, Apr 15, 2004 at 05:28:19PM -0500, Dustin D. Trammell wrote:
| Possibly even a nice spf.infinitepenguins.net chart to track the numbers
| like the SPF adoption roll for publishers...  I'm just about as
| interested in who is checking SPF than who is publishing, if not more at
| this point...  Wechsler?  Thoughts on a sister-chart for the Adoption
| Roll?

  http://spf.pobox.com/slides/apcauce2004/6000.html

which I am going to try to evangelize from now on.

Might want to change the last line (December) to "Spoofers/Forgers give
up, go home." (:

Also, it's harder to tell if a receiver is checking SPF because you may
not always get a "deny" --- they may choose to accept the message anyway
and just factor it into an algorithm.

So maybe a list of "who's checking SPF" should wait a few months for
when we've crossed the chasm.

I completely agree with you here, but I was just suggesting a list
similar to the adoption roll, which is populated with domains of people
who /want/ to add themselves to the list, not a list that's generated by
a test against a mail server (where you may not get a 'deny').

Also, such a list may help us cross the chasm by demonstrating to the
early majority that there are servers already checking SPF.  While right
now this list will most likely be populated by the early adopters, and
at that only the ones that choose to add themselves to the list,
hopefully as the number grows the list will transition from being
populated by early adopters to early majority, which will make a
stronger case to the rest of the early majority.  I see the same thing
happening with the current adoption roll, it's just farther along the
path.

Personally, I don't mind at all telling people which of my recipient
domains are checking SPF (the list could be populated either with mail
servers themselves or with recipient domains that are handled by SPF
checking servers, I prefer the latter).  What I /would/ have a problem
with is listing which implementation of SPF I'm using, what I do with
the results, etc.

-- 
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.


<Prev in Thread] Current Thread [Next in Thread>