spf-discuss
[Top] [All Lists]

Re: SPF is not usable as legal measure against spammers.

2004-07-15 09:03:13
On Thu, Jul 15, 2004 at 04:21:32AM +0300, Andriy G. Tereshchenko wrote:
| [John Keown]
| > That is why and where smtp authentication comes into play. With smtp
| > authentication the hijacker cannot authenticate and therefore cannot send
| > from example.com return address.
| >
| 
| This is an additional administrative burden and source of configuration
| errors.
| ISPs (in addition to SPF) has to maintain SMTP AUTH and distribute/update
| passwords (or use client SPF records during relay)
| For all clients! Even for those who have our MTA on DSL and use ISP router
| as relay.
| This will make SPF non-reliable if ISP client configured SPF, but ISP has
| not adopted SMTP AUTH yet.
| This will increase initial adoption time.

Yes, that is quite correct.  There are already a number of
well-respected documents that encourage the industry to move
in this direction.  Bellsouth has already accepted their
recommendations.  Just because something is hard to do
doesn't mean it shouldn't be done.  Perhaps when you are
older you will understand this better.

http://www.ietf.org/internet-drafts/draft-hutzler-spamops-00.txt

http://docs.yahoo.com/docs/pr/pdf/asta_soi.pdf


<Prev in Thread] Current Thread [Next in Thread>