Specifically, how is the ability to purchase an SSL certificate
conferring a "good" status to a domain?
More generally, how is tying authentication to profit motive serving the
community?
One of the beauties of SPF is that is based on the beautiful DNS database,
proven over 2 decades, decentralized, scaleable, free, immediate,
well-known, universally adopted.
Creating/maintaining new, and centralized, $$infrastructure, aka
choke-point/SPOF, is exactly the wrong direction. "good domain" list? GMAFB
Standard DNS records, coupled with SMTP settings, have provided a basis for
credentials which has not been exploited.
Adding SPF TXT records should be secondary to, or at least strongly coupled
with, other DNS/SMTP information, to reduce the anonymity exploited by
spammers, and to increase the credibility of legit mailers.
ie, if we can't reject MTAs with no PTR and matching A records, nor MTAs
that say HELO with garbage unfindable in DNS, because too many legit MTAs
and their DNS are not setup, then SPF is really doomed beyond an
insignificant contribution.
Len
_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites