spf-discuss

RE: Distrowatch article on SPF

2004-07-30 07:50:07
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Robert Storey
Sent: Friday, July 30, 2004 9:33 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Distrowatch article on SPF


Dear All,

I joined this list for a selfish reason. I'm writing an article about
SPF for the Distrowatch Weekly News. I'd be very appreciative if a few
people here would look at it first and see if I've made any factual
errors. I don't want to spread misinformation, and whenever I write an
article about some project I try to give the developers a chance to see
the story before it gets published. I just think it's a good
journalistic practice, and more fair to the developers.

Anyway, the draft of the story can be found here:

http://colonelpanic.org/weekly.html

Please note that this is a draft, so I'll ask that nobody should link to
this story. It won't be on the website long anyway, maybe 24 hours. The
final story will be found here (again, only after Monday):

http://distrowatch.com/weekly.php?issue=current

I'd greatly appreciate any comments or criticisms. I know this isn't a
very long or complete story, but the Distrowatch Weekly News is just a
weekly summation of current events. Anyway, if you'd like to respond,
you can email me directly, or to the list, I'm OK with both. I really
need to hear from you in the next 24 hours, as the deadline is breathing
down my neck.

Thank you for your time, and sorry if I've interrupted any other
important technical discussions.

best regards,
Robert Storey

I'm not going to comment on the SPF vs Sender ID/Microsoft stuff, but limit
myself to SPF.

In my mind there are two separate and distinct aspects of SPF:

SPF for the domain owner - I define an SPF record (a TXT record in DNS) to
designate legitimate sources for e-mail from my domain.  If I do this, I
protect my good name from false accusations of spamming, virus spreading,
etc. and I ought to have to deal with fewer bounces from forged e-mails as
mail receivers implement SPF checking.

SPF for the mail receiver - I can tell which e-mails are forged and reject
them before consuming network and computational resources.  No need to
bother the user, conserve resources.  When I find spam not forged, it's
easier to hunt down the source and punish them.

I think you cover SPF for the mail receiver, but not for the domain owner.
As a domain owner, I am involved in SPF to try and protect my good name
(fewer forged bounces would be nice, but that's not a major issue in my
mind).  If you could add something about benefits to the domain owners, I
think it would make the article more complete.

Also, you might want to explicitly say that the issue with DNS providers is
allowing users (domain owners) to define TXT records.

Scott Kitterman

