On 6/22/04 8:34 AM, Seth Goodman sent forth electrons to convey:
...my personal synopsis is that there
are three things that are critical to authenticate for everyday use:
1) That the IP of the SMTP-client is properly tied to a domain name via rDNS
and verified by forward DNS, and neither the IP nor the domain are on any
blacklists, local or external. Present best commercial practices (BCP)
handle this well.
2) That MAIL FROM: represents the original sender, or a designated bounce
address for the sender, of the particular message and sending a DSN to it
does not constitute abuse of an innocent third party.
Did you not read my post explaining how Unified SPF actually does
protect 2821.MAIL FROM, and why we should consider it to do this job
well enough to be acceptable, IMO? I would like to know what you think
after you read it.
Note:
"RE: [spf-discuss] a grand unified theory of MARID (blame me!)" said in
part:
"If you get word of From: forgery, you're gonna be motivated to do a
little work to get the spammer's domain blacklisted, for example by
putting him in your RHSDRBL (Right Hand Side Distributed RBL), which
will stop the forgery and phishing. "
By this, I do not mean that if you don't do this work, your reputation
will suffer. It won't. It's just that with Unified SPF, you have more
opportunity and power to punish the spammer for forging your domain.