-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michel Bouissou wrote:
| Le vendredi 23 Juillet 2004 20:59, Daniel Taylor a écrit :
|
|>Yes, I would flag it the first time you sent e-mail
|>to me. If it was spam your domain would then get blacklisted.
|>If several e-mails passed between your domain and mine without
|>that happening, I would stop flagging them.
|>
|>Simple, eh? All of a sudden neither one of us has
|>to trust a third party to tell us whether we can talk to each other.
|
|
| You really don't need SPF for that. You can "flag" all the mail you
receive
| from unknown domains until it proves good in the first place.
|
| SPF is supposed to avoid this annoyance. If everybody starts making
his own
| rules "Oh, this SPF record is too complex for me, that one seems to
| permissive, that one has 3 "+a" mechanisms in a raw, that one is paint in
| blue"...
|
| Well, there's not much of "SPF" anymore.
|
You were asking how I would handle a reputation system with SPF,
we were already out to a fringe case,
I fail to see how this proves your point?
Most companies/individuals can publish "v=spf1 mx -all" and be just
fine. Not immediately trusting completely a new correspondent with
an SPF record that I cannot verify does not cover the entire western
hemisphere hardly consists of a major weakness in the system.
- --
Daniel Taylor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBAXRe8/QSptFdBtURAsCAAJ95tfRzBpOh4Q3+EZ92kYLBhapDIACfYXcx
EKwHZ5dfmVthh5KWGJwGVx4=
=9yy/
-----END PGP SIGNATURE-----