Greg Connor wrote:
A very good point, one which I didn't think through completely at first.
In some cases the auth user will own a single email address in the ISP's
domain, and in other cases the auth user owns the whole domain.
I think this underscores the point that the MSA should be able to sort out
who owns what address, and other MTAs that are not the MSA should not be
trying to match them up. SPF is probably not the best tool for this, and
there are number of other techniques that would work, if ISPs would just
spend the time to correlate return addresses to auth users.
On Mon, 25 Oct 2004, Scott Kitterman wrote:
What SPF can do is make it very clear that this sort of return address
management is an essential pre-requisite to safely using SPF PASS on a
shared MSA/MTA. Perhaps if we are clear about that, customers will start to
demand these kind of controls from their providers.
I totally agree. I will not publish +include:sbc.net if they don't rein in
local users and make sure that my domain is not forged. I might ?include them
if I have to, but not +include.
later
gregc
--
Greg Connor
gconnor(_at_)nekodojo(_dot_)org
Everyone says that having power is a great responsibility. This is a lot
of bunk. Responsibility is when someone can blame you if something goes
wrong. When you have power you are surrounded by people whose job it is
to take the blame for your mistakes. If they're smart, that is.
-- Cerebus, "On Governing"