-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Meng
Weng Wong
Sent: Friday, June 11, 2004 2:28 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] AOL to ESPs: Comply with SPF, Or Else
I think we'll see the following stages occur over time:
1) receivers use SPF for whitelisting
2) receivers start honouring "-all" and rejecting
nonconformant mail. (requires forwarders to upgrade to
SRS/SUBMITTER.)
I don't think honoring "-all" requires forwarders to upgrade. Whitelisting
the forwarders that are acceptable to the receiver is an reasonable short
term alternative.
Also, many domains never send e-mail. I manage one domain that is often
used by spammers as a forged from, but only takes inbound e-mail so I
published an SPF record for it:
TXT "v=spf1 -all"
You can honor that one today with a guarantee of no forwarder issues.
SRS/SUBMITTER is important to increase the number domains willing to
publish -all, but I don't think it's necessary for honoring -all.
3) if a domain doesn't publish, apply a default of "a/24
mx/24 ptr -all". (requires vast majority of legitimate
domains to publish records.)
I think #2 has a long timeline that can start now, but you are right, won't
be complete until forwarder/"legitimate" forger problems are resolved.
Scott K