In <87pta2r0b4(_dot_)fsf(_at_)athene(_dot_)jamux(_dot_)com> "John A. Martin"
<jam(_at_)athene(_dot_)jamux(_dot_)com> writes:
> "Wayne" == Wayne Schlitt
> Wayne> The explanation text is a way for domain owners to
> Wayne> communicate with the users of their domain.
> Wayne> Consider the case of [extreme example deleted]
> Is this a solution looking for a problem?

Good question. I think the answer is "no, it is a useful solution for
a non-trivial number of people".
I took a look at some old SPF adoption roll data. While only about
0.5% of the domains had exp= modifiers, many of them give specific
information that legitimate users would likely want to know. For
example, one lists a toll-free number to call, another lists the contact
email address to help resolve problems. Some list domain-specific
websites to visit.
There were a few that aren't particularly helpful, such as the
chepelov.org example you found.
> Wayne> Again, the only people who will see the explanation text
> Wayne> are spammers and such who have forged the domain name and
> Wayne> legitimate users of the domain name that need to be given a
> Wayne> clear explanation *to them* about the correct use of the
> Wayne> domain name they are using.
> And anyone else that can listen to what is on the wire.

Uh, I guess if you are worried about people who can wire-tap your
connection *AND* they will get confused by SPF explanation texts *AND*
this confusion will cause you serious problems, then I think it would
be best for you to reject all SMTP connections that don't use
STARTTLS.
I'm pretty anal about security issues, but I'm having a hard time
seeing this as a problem.
-wayne
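
The kind of survey mentioned in the message above (what share of SPF-publishing domains carry an exp= modifier, and where it points), as an added example that is not part of the original message. The sample records and `.example` domains are constructed, and the function names `exp_target` and `survey` are hypothetical.

```python
import re

# Modifiers are name=value; mechanisms use ':' or '/' and may carry a qualifier.
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")

def exp_target(record):
    """Return the exp= domain-spec of an SPF record, or None if absent."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None  # not an SPF record, so exp= has no meaning here
    targets = []
    for term in terms[1:]:
        m = MODIFIER.match(term)
        if m and m.group(1).lower() == "exp":  # modifier names are case-insensitive
            targets.append(m.group(2))
    if len(targets) > 1:
        # exp= may appear at most once; a repeat is a permanent error in SPF.
        raise ValueError("duplicate exp= modifier")
    return targets[0] if targets else None

def survey(records):
    """Return ({domain: exp target}, share of domains publishing exp=)."""
    found = {}
    for domain, record in records.items():
        try:
            target = exp_target(record)
        except ValueError:
            continue  # malformed record: not counted as publishing exp=
        if target:
            found[domain] = target
    share = len(found) / len(records) if records else 0.0
    return found, share

# Constructed sample data, not taken from the adoption roll discussed above.
SAMPLE = {
    "a.example": "v=spf1 mx -all",
    "b.example": "v=spf1 ip4:192.0.2.0/24 -all exp=explain._spf.b.example",
    "c.example": "v=spf1 include:_spf.c.example ~all",
    "d.example": "v=spf1 a -all EXP=why.d.example",
    "e.example": "v=spf1 -all exp=x.e.example exp=y.e.example",
    "f.example": "unrelated TXT record exp=ignored",
}

if __name__ == "__main__":
    found, share = survey(SAMPLE)
    for domain, target in sorted(found.items()):
        print(f"{domain}: explanation TXT record at {target}")
    print(f"{share:.1%} of sampled domains publish exp=")
```

The target returned for each domain is the name whose TXT record holds the explanation string a rejecting server would show to the sender.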