spf-discuss

RE: Non-adoption of SPF by most-phished domains

2004-09-01 13:02:45
I expect that the senderid IPR and license issues, the confusion around
the license and/or the confusion on what exactly the PRA means is the
lack of record deployment issue FOR THOSE THAT HAVE HEARD OF
SPF/SENDERID. This coupled with the fact that even if you *do* want to
publish, a lot of DNS providers do not support txt records, or at least
not through an admin interface (and nobody wants to wait on hold for a
support desk rep to say "You want to do what?").

For those that have not heard of it, well we know why they haven't
published. I really wonder how many mail admins fall into that category,
though. I personally have had a mail admin in a remote site email me and
say "have you heard of Microsoft's new Senderid?" (I kid you not, his
question was based on an article where MS/the author does not
acknowledge Meng or SPF as the roots).

Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Paul Bissex
Sent: Wednesday, September 01, 2004 3:42 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Non-adoption of SPF by most-phished domains


Performing SPF checks, for me, is part of a larger strategy to reject
forgery of all sorts (for example, a surprising 10-20% of SMTP
connections to my server are HELOing with *my* IP or hostname). I've
been considering working up a Postfix content filter that does forgery
detection outside of SPF, mostly to protect my friends-and-family
users from the onslaught of phishing scams.

Then I thought, gosh, my job would be a lot easier if paypal.com,
ebay.com, and citibank.com (for starters) simply published SPF
records. Of the domains that I see phorged (sorry) most often, only US
Bank has published SPF -- and only for usbank-email.com, not for
usbank.com.

I know that implementation can be difficult for large, busy sites, but
if these guys don't see a strong business (financial) case for
publishing SPF, isn't that a bad sign?

Are efforts underway, but simply at such an early stage that they
can't even publish preliminary (softfail) SPF records?

Has there been any technical outreach aimed at these people?

Perhaps I'm being too impatient?

pb

--
paul bissex, e-scribe.com -- database-driven web development
413.585.8095
69.55.225.29
01061-0847
72°39'71"W 42°19'42"N
