Dave Crocker wrote:
SPF essentially eliminates spontaneous scenarios, by virtue
of requiring pre-registration.
That's not true, if you want to send some mails via my ISP
(during your next spontaneous visit ;-) then it's possible:
MAIL FROM:<me(_at_)xyzzy>
From: you(_at_)dcrocker
Subject: SPF-test
That works everywhere as far as SPF (not PRA) is concerned.
I'm responsible, I'd get the bounce, working as designed.
Certainly the scenarios I described were not hoaxes.
MAIL FROM:<you(_at_)dcrocker> actually sent from me _is_ wrong.
If you think that it's okay just don't publish any sender
policy for you(_at_)dcrocker, it's your domain, your rules.
what about supporting the 999,000,000 users of the
Internet who are not geeks?
They certainly don't want to get billions of bounces for
mails where a spammer forged their MAIL FROM. Bye, Frank