spf-discuss
[Top] [All Lists]

Re: Should SPF be Frozen or Extensible? (XML insights)

2004-05-31 11:06:14
Thanks for taking the time to reply.

--Koen Martens <spf(_at_)metro(_dot_)cx> wrote:


Do I understand this correctly, there's a lot of forgery coming from
comcast, forging your domain, but there are a small number of users
legitematly sending email from your domain using comcast's mail servers?
I think the best thing to do would be for the users to connect to your
own mail server, and have them use authenticated smtp, right?

Yes, that was what the example was about... if Comcast says "Pass", I don't want to say "Pass", but I might want to say Unknown. That way I am leaving the door open to forgeries from them, but not really labelling them as legit, and I'm closing the door to forgeries from the rest of the world.

Anyway, I'm not sure if anyone would want to do that in real life. :)

--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>