On Apr 18, 2004, at 9:22 AM, Stuart D. Gathman wrote:
I am thinking about doing CBV only when there is no SPF record for the
claimed sending domain. Does this sound like a reasonable policy?
It would encourage domains suffering from lots of CBV probes (with or
without SES) to publish SPF records. I already do SES to prevent
bounce spam.
That doesn't sound very nice. You are going to punish people (due to
fraud) for not implementing something that isn't an official standard.
The whole beef with CBV is that it is unsolicited most of the time.
With SPF (pass) you can argue that it is solicited. So, it makes more
sense to only do CBV if you get an SPF pass as in that case you are
certain that domain wasn't used fraudulently. CBV is controversial,
SPF (arguably) makes its use less controversial as you can eliminate
fraud under certain circumstances.
So, I suppose your logic is sound, but you are harping on the exact
issues that people have with CBV. I don't mind receiving CBV if I am
sending a mail, but I don't like all of those unsolicited CBVs that I
still get.. and our domain implements strict SPF.
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on Earth