From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Meng Weng Wong
Sent: Saturday, July 10, 2004 10:29 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: Unified SPF works in progress now in alpha

On Fri, Jul 09, 2004 at 07:46:40PM -0500, Seth Goodman wrote:
|
| As far as I can see, these reputation systems are simply pipe dreams.
| They may come about and they may not. Right now, without the reputation
| systems, we are considering building a mechanism into SPF that allows a
| malicious party to override the published policy of the netblock owner.
| I respectfully suggest that is a poor idea.

actually, if public reputation services never appear, the
only overrides the algorithm will support are locally
hardcoded whitelists --- and the analogy with ssh is
appropriate. note the AND requirement for a positive
result:

As long as in the absence of a reputation system or a manual whitelist
entry, a malicious domain owner's SPF record cannot cause an override of
an SPF fail for the PTR domain, I am satisfied. The segment of the
draft you quoted indicates that is the case.
--
Seth Goodman