I think the biggies wait it out for now, as there is a 'replacement' in
the form of senderid. Now senderid is not a replacement for spf in the
technical terms, i believe many perceive it as being so. Or at least as
something which might come instead of spf.
Spf is not an industry standard, the microsoft owned&backed senderid is
on it's way to be. I guess everyone is just waiting to see what will
happen, and frankly i'm afraid that senderid will win simply because
microsoft has the money to make it win.
I hope though that either MARID (the ietf workgroup pushing for senderid
if i'm correct) will come to it's senses, and either make senderid
acceptable to the whole internet, not just the Inc's and .coms + they
put some envelope from checking in there, or failing that that spf will
carry on regardless of senderid.
Koen
On Wed, Sep 01, 2004 at 03:41:39PM -0400, Paul Bissex wrote:
Performing SPF checks, for me, is part of a larger strategy to reject
forgery of all sorts (for example, a surprising 10-20% of SMTP
connections to my server are HELOing with *my* IP or hostname). I've
been considering working up a Postfix content filter that does forgery
detection outside of SPF, mostly to protect my friends-and-family
users from the onslaught of phishing scams.
Then I thought, gosh, my job would be a lot easier if paypal.com,
ebay.com, and citibank.com (for starters) simply published SPF
records. Of the domains that I see phorged (sorry) most often, only US
Bank has published SPF -- and only for usbank-email.com, not for
usbank.com.
I know that implementation can be difficult for large, busy sites, but
if these guys don't see a strong business (financial) case for
publishing SPF, isn't that a bad sign?
Are efforts underway, but simply at such an early stage that they
can't even publish preliminary (softfail) SPF records?
Has there been any technical outreach aimed at these people?
Perhaps I'm being too impatient?
pb
--
paul bissex, e-scribe.com -- database-driven web development
413.585.8095
69.55.225.29
01061-0847
72°39'71"W 42°19'42"N
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/