spf-discuss
[Top] [All Lists]

RE: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF

2004-11-18 19:45:49
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of 
Stuart 
D. Gathman
Sent: November 18, 2004 6:51 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Electronic Frontier Foundation 
(EFF) Article On Anti-Spam Technologies Mentions SPF


On Thu, 18 Nov 2004, Vivien M. wrote:

As far as SPF is concerned, both my semi-legitimately 
forged mail and 
fully forged mail are viewed in the same way. For Aunt 
Mary, there's a 
huge

Aunt Mary should be using SMTP AUTH - problem solved.  It is 
already supported by all major email clients.  Or see below.

That assumes SMTP AUTH is supported by whoever gives her the email account
(in this case, an educational institution she works for). I'm saying there
could be a scenario where the IT department says "we think everybody who
uses email is doing it on campus or through webmail, so we can publish -all
and not provide SMTP AUTH" and then the Aunt Mary types are ... well, in
trouble, if they can't get that policy reversed.

If the IT department is modestly enlightened (as opposed to clueless like
I'm assuming) and can't do SMTP AUTH, best thing to do is probably not
publish "all" at all (e.g. one educational institution I know just has
ip4:theirnetblock and that's it) or "?all", but that will anger lots of SPF
advocates. Didn't we have a nice heated thread a few months ago about the
merits of -all and how ?all was a bad idea and how some people wanted
implicit -all?

Vivien


<Prev in Thread] Current Thread [Next in Thread>