I would love to see a reporting mechanism like this. It can be used be those
who are reposbible for
some things (such as email/DNS) but may not be able convince mgmt to deploy SPF
(or perhaps want an
easy way to see what the SPF record would need to look like in order to deploy
it without breaking
anything in the short term).
Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of guy
Sent: Monday, October 11, 2004 8:55 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] spf entries for which hosts ???
I like this idea: "report=postmaster+spf(_at_)%{d}".
I would want to specify what email address to use. Not just take some
default.
You got my vote!
Guy
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Meng
Weng Wong
Sent: Monday, October 11, 2004 5:44 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] spf entries for which hosts ???
On Mon, Oct 11, 2004 at 01:40:00PM -0600, Commerco WebMaster wrote:
|
| FOR OTHER LIST MEMBERS: I am interested in knowing if some
of the AV plug
| in vendors also have plans for direct support of SPF. I
ask because such
| support should make SPF deployment and acceptance at the MTA level
| easier. If so, could we consider adding a switch which
might cause said
AV
| plug in software to either send or not send a message back
to the domain
| owner regarding the misuse of their name by another party?
While it is
the
| purpose of SPF to stop the domain name from being misused,
it might also
be
| useful for evidence gathering purposes to have data points
documenting
| misuse when gathering evidence for any other actions a
domain owner might
| want bring against individual(s) attempting to misuse their
domain name in
| email spam. A switch mechanism here makes it easy for a
domain owner to
| decide on how they might choose to actively learn of or not
learn of such
| identity theft events taking place. With something like
the "v=spf1 -ALL"
| syntax, the AV plug in would presume that the owner wants
confirmation of
| abuse as opposed to "v=spf1 NOCONFIRM -ALL" were they would
not. Perhaps
| the attorneys on this list might want to comment on the
usefulness of or
| logic error being made in implementing this as regards
evidence gathering
| procedures. Any thoughts on this would be appreciated.
|
| In any case, getting back to Margrit's question, just like
MX records, it
| is through the information you publish in a specially
formatted DNS based
| TXT record that this processing can take place.
There are two ways to report this information back to domain
owners: they can use an "exists" for logging, or they can
help develop a reporting syntax, eg. v=spf1 -all
report=postmaster+spf(_at_)%{d}
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in
Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in
Atlanta features SPF and Sender ID.
To unsubscribe, change your address, or temporarily
deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com