In <1082141547(_dot_)2949(_dot_)22(_dot_)camel(_at_)zelda(_dot_)corporate>
"Dustin D. Trammell" <dtrammell(_at_)citadel(_dot_)com> writes:
On Fri, 2004-04-16 at 11:51, Meng Weng Wong wrote:
So maybe a list of "who's checking SPF" should wait a few months for
when we've crossed the chasm.
I completely agree with you here, but I was just suggesting a list
similar to the adoption roll, which is populated with domains of people
who /want/ to add themselves to the list, not a list that's generated by
a test against a mail server (where you may not get a 'deny').
I think it is unwise to publish such a list of people using SPF until
such time as most SPF implementations do not have Denial of Service
attack problems.
Of all the SPF implementations that I can check, only libspf-alt
doesn't have any DoS problems that I know of. I can not evaluate the
closed source SPF implementations. Even libspf-alt most likely has
security problems. While the initial release of libspf-alt had some
of the biggest holes patched, I discovered a couple of others that
weren't fixed until v0.4.
-wayne