[Seth Goodman]
Allowing the domain owner's policy to override the ISP's
policy also discourages ISPs from publishing at all.
Why bother if any spammer can override their SPF record
with their own? Rather than encouraging ISPs to act
responsibly, we would be hampering their efforts. OTOH,
if the netblock owner does not publish a policy, or it
publishes a policy that allows MTAs on dynamic IPs,
there is no conflict within SPF. In case of conflict
between the two policies, however, we have to decide
which to honor.

I agree with you, Seth... Although after the troubles I've had with my
own ISP regarding the "dirty" IP space we're stuck in, I'm not sure how
much "giving ISPs the power" is going to help matters. Most ISPs turn a
blind eye towards spammers unless there are a huge number of complaints.
Only then do they take action. This saves them money chasing down minor
or inaccurate spam complaints, and gives them a few more months' revenue
from the spammer's contract until they have to shut them down.

Assuming that ISPs will go to the trouble to map their IP space - and
keep that map updated - for the benefit of the SPF/anti-spam community
is probably not safe. ISPs run on thin margins these days, and are
perpetually low on head count. Even huge tier-1 providers like my
current provider will probably not expend the resources necessary for
implementing all the necessary records and keeping them current.

Regards,
Ryan