Appreciate if someone please post this reply to list. If not, I can post them
to SenderKeys discussion list?
At 05:48 PM 8/24/2004 -0500, you wrote:
From: AccuSpam [mailto:support(_at_)accuspam(_dot_)com]
Sent: Tuesday, August 24, 2004 3:01 PM
If it makes you feel any better, I have the same problem, as do many
small business and personal domain owners.
And you think "-all" is a realistic priority for SPF???
Yes, I really do. It's a matter of time and momentum and at the moment,
both are on our side. Yesterday's bleeding edge idea is today's
standard practice.
I wish and hope that was true. How I wish it was a reality NOW!
But...
What momentum?
Do you see AOL or Earthlink, which both have SPF records, actively preparing
their users for SMTP authentication?
Have you done any estimates on how much $$$$ it might cost Earthlink to upgrade
it's *millions* users?
Has any cost analysis at all been done on SPF "-all"????????
[...]
Neither of my two providers offer SMTP AUTH, though one
promises it in the near future. When they do, it is
unclear if they will prevent domain forgery after
authentication. I have written them to explain the need
for this, but the reply I got back indicates they either
didn't read or didn't understand the request.
My hosting provider, Interland, is one of the largest around. Like most
other providers, they dealt with spam for a long time by filtering.
After a while and thousands of customer requests, it became clear that
the spam onslaught was not going away and they switched to rejecting
during SMTP. The latter has proved very popular with customers plus it
saves them money. Up until recently, they have similarly fought SMTP
AUTH tooth and nail saying, "our customers could never deal with that".
Today, they have completed alpha testing and are preparing to roll out
SMTP AUTH for their entire customer base.
Hosting is a different demographic than an ISP with millions of "simpleton"
users who connect to internet for email and web.
When SPF gets past the early adopter phase and is poised to improve
their daily operations, I have no doubt they will go that route, as will
other providers. As they host well over a million domains, this will
not happen overnight, but when it appears to add value for their
customers, they will do it. When adoption gets wide enough and enough
SPF records end with "-all", the large providers may decide to stop
accepting mail without it and that will be the end of the argument.
Feedback in several months after they have a real picture of the cost/benefit
curve.
Remember that publishing SPF records does not help the publisher. Most people
have a problem with receiving forgery, not sending it.