spf-discuss

RE: Fw: Received your email

2004-08-24 14:21:50
How many other legitimate servers are there out there like this one? It
still seems like a dangerous assumption to make that all servers will use
the FQDN, when for so many years they have got away without having to

Which is why the original maxim for folks writing applications for the
Internet was "be strict in what you send, liberal in what you accept."
However, that was back in the naive young days of the 'net when intentional,
malicious activity pretty much didn't occur.  Alas, those days are no longer
upon us.

So now it's a cost/benefit analysis.  In this case, the majority of
legitimate sending hosts follow the RFCs, while a great deal of spamming
software was sloppily written and violates various parts of the RFCs.  So,
right now, rejecting incoming e-mail due to RFC violations generally
benefits more than it hurts for many folks.  After all, if you find you're
not getting e-mail from someone you REALLY need to get e-mail from and they
can not/will not fix their system, you can always make an exception for
them.

Of course, this is a stop-gap measure.  Once the bulk of spamming software
takes this into account[1], being strict to the RFCs in what you accept will
not be very useful as an anti-spam technique.

If you're pro-SPF, that's another reason to push for it :)

[1] They probably haven't done so yet mainly because rejecting based upon
RFC violations is hardly universal.  So the trade-off for them would be
that, since doing the additional steps would take more time, they'll not
bother to until it stops them from reaching a majority of their "audience".

-----------------------
John C. Ring, Jr.
jcring(_at_)switch(_dot_)com
Network Engineer
Union Switch & Signal Inc.