David Woodhouse wrote:
Basically, SPF does not work with today's email system -- it requires
everyone to start using SMTP AUTH (even when it's firewalled), and it
also requires some even more convoluted behaviour when forwarding email.
Only then does it work without any false positives such as the one you
pointed out.
Mr. Woodhouse, why do you dislike SPF so much?
Perhaps you simply do not understand how the mechanism works in practice.
SPF policy is set by the domain owner, not the SPF implementers or
the SPF enabled recipient. The SPF enabled recipient decides
how to work with the policy set by the domain owner (some domains
being very strict, others being more lenient) to get the best results
for their e-mail users.
For domains with users that legitimately use forwarding services that do
not generate a valid (local to the forwarder) envelope from, simply
set ?all or ~all in the SPF record.
For receiving domains that value receiving forwarded e-mail over
rejecting forged messages during SMTP negotiation, simply tag fails
instead of rejecting them.
There is _NO_ reason that SPF has to be broken or break anything for
anyone who does not wish it to be.
--
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203