At 01:40 PM 10/11/2004, I wrote:
FOR OTHER LIST MEMBERS: I am interested in knowing if some of the AV plug
in vendors also have plans for direct support of SPF. I ask because such
support should make SPF deployment and acceptance at the MTA level
easier. If so, could we consider adding a switch which might cause said
AV plug in software to either send or not send a message back to the
domain owner regarding the misuse of their name by another party? While
it is the purpose of SPF to stop the domain name from being misused, it
might also be useful for evidence gathering purposes to have data points
documenting misuse when gathering evidence for any other actions a domain
owner might want bring against individual(s) attempting to misuse their
domain name in email spam. A switch mechanism here makes it easy for a
domain owner to decide on how they might choose to actively learn of or
not learn of such identity theft events taking place. With something like
the "v=spf1 -ALL" syntax, the AV plug in would presume that the owner
wants confirmation of abuse as opposed to "v=spf1 NOCONFIRM -ALL" were
they would not. Perhaps the attorneys on this list might want to comment
on the usefulness of or logic error being made in implementing this as
regards evidence gathering procedures. Any thoughts on this would be
appreciated.
I did not really type "-ALL" did I? DOH! I meant to type "v=spf1 -A" vs
"v=spf1 NOCONFIRM -A".
Sorry for the confusion.
Best,
Alan Maitland
The Commerce Company - Making Commerce Simple(sm)
http://WWW.Commerco.Com/