AccuSpam wrote:
I just thought starting with the owner of the domain, who has a some data on
what his customers are doing, might be a good place to start. It might give
confidence to owner of domain that s/he knows what probabilities are being
applied to his customers when they are not using the designated mail servers.
This might help spread adoption of SPF.
Doesn't this go back to your original problem, though? You were
claiming that ISPs would never publish ~all or -all because customers'
mail might get bounced. But if an ISP publishes a probability of
forgery other than 0, they're taking the same risk -- except that the
results are less predictable. All the mail might not bounce; it might
bounce at some sites and not others, or bounce unpredictably, depending
on the way the probability is used locally. That makes troubleshooting
a lot harder. It sounds to me like the worst of both worlds -- you have
forgeries getting through *and* you have ticked off customers.