----- Original Message -----
From: "Mark C. Langston" <mark(_at_)bitshift(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, August 13, 2004 8:47 PM
Subject: Re: [spf-discuss] Good Domain List one step closer to reality
(actually two steps)
On Fri, Aug 13, 2004 at 08:42:38PM +0200, jpinkerton wrote:
We must do what we can, but that does not include spending e-mail users
money on things like SSL. Simple SPF is the way forward (for now) -
once it
is totally implemented across the web, and I think that is the real goal
of
the SPF project.
While I agree with your first statement, I don't agree with the second.
I side with Meng in that SPF alone is not sufficient. There must be
some way to track behavior of mail senders as well -- a reputation
system. In Meng's aspen webpage, however, he mentions reputation
several times, but places all the weight on accreditation, and does not
discuss how or where reputation enters into the picture. I take an
opposing stance: accreditation is unnecessary, but reputation is a
necessary additional component.
I agree that SPF alone is not enough - but there are other methods that can
be used without going to the extent of SSL. I agree that reputation is more
important than accreditation, mainly because accreditation can be bought,
but a good reputation is possibly hard to get for a small e-mail user who
has only limited technical savvy.
Slainte,
JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492