spf-discuss
[Top] [All Lists]

Re: SPF and Responsibility

2004-07-22 13:40:50
On Thu, 22 Jul 2004, David Sowder wrote:

It seems to me that some are confusing things a little.  In my mind,
all SPF asserts is that a set of IP addresses is legitimate for a
domain.  Given the IP address of a connected SMTP client, an SPF
record makes an assertion as to the legitimacy of the server at that
IP address to send messages with an envelope from (and potentially
other uses) of that domain.

I think the word 'legitimate' is confusing things.  In the context
of SPF it should mean 'the return path domain was not forged'.  'Legitimate'
messages from a SPF compliant spammer will be spam.  SPFv1 is concerned with
stopping return path forgery - and that's it.  So let's restate the
results using the word 'forged' intead of 'illegitimate'.

+ means messages from this server with this domain are never forged
- means messages from this server with this domain are always forged
? means messages from this server with this domain may or may not be forged
~ means messages from this server with this domain are most likely forged

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.


<Prev in Thread] Current Thread [Next in Thread>