At 01:54 PM 10/11/2004, I wrote:
At 01:40 PM 10/11/2004, I wrote:
FOR OTHER LIST MEMBERS: I am interested in knowing if some of the AV plug
in vendors also have plans for direct support of SPF. I ask because such
support should make SPF deployment and acceptance at the MTA level
easier. If so, could we consider adding a switch which might cause said
AV plug in software to either send or not send a message back to the
domain owner regarding the misuse of their name by another party? While
it is the purpose of SPF to stop the domain name from being misused, it
might also be useful for evidence gathering purposes to have data points
documenting misuse when gathering evidence for any other actions a domain
owner might want bring against individual(s) attempting to misuse their
domain name in email spam. A switch mechanism here makes it easy for a
domain owner to decide on how they might choose to actively learn of or
not learn of such identity theft events taking place. With something
like the "v=spf1 -ALL" syntax, the AV plug in would presume that the
owner wants confirmation of abuse as opposed to "v=spf1 NOCONFIRM -ALL"
were they would not. Perhaps the attorneys on this list might want to
comment on the usefulness of or logic error being made in implementing
this as regards evidence gathering procedures. Any thoughts on this
would be appreciated.
I did not really type "-ALL" did I? DOH! I meant to type "v=spf1 -A" vs
"v=spf1 NOCONFIRM -A".
Sorry for the confusion.
Best,
Alan Maitland
The Commerce Company - Making Commerce Simple(sm)
http://WWW.Commerco.Com/
It appears that I am really out to humiliate myself today. I actually did
mean "-ALL" before I said I did not ;-)
Sorry, it seems that I erred in my original example addressing Margrit's
question, where I erroneously used "-A" instead of the correct "-ALL".
No more public postings for me today. Sorry again.
Alan Maitland
The Commerce Company - Making Commerce Simple(sm) - (well, most of the time)
http://WWW.Commerco.Com/