-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
Stuart
D. Gathman
Sent: November 18, 2004 6:51 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Electronic Frontier Foundation
(EFF) Article On Anti-Spam Technologies Mentions SPF
On Thu, 18 Nov 2004, Vivien M. wrote:
As far as SPF is concerned, both my semi-legitimately
forged mail and
fully forged mail are viewed in the same way. For Aunt
Mary, there's a
huge
Aunt Mary should be using SMTP AUTH - problem solved. It is
already supported by all major email clients. Or see below.
That assumes SMTP AUTH is supported by whoever gives her the email account
(in this case, an educational institution she works for). I'm saying there
could be a scenario where the IT department says "we think everybody who
uses email is doing it on campus or through webmail, so we can publish -all
and not provide SMTP AUTH" and then the Aunt Mary types are ... well, in
trouble, if they can't get that policy reversed.
If the IT department is modestly enlightened (as opposed to clueless like
I'm assuming) and can't do SMTP AUTH, best thing to do is probably not
publish "all" at all (e.g. one educational institution I know just has
ip4:theirnetblock and that's it) or "?all", but that will anger lots of SPF
advocates. Didn't we have a nice heated thread a few months ago about the
merits of -all and how ?all was a bad idea and how some people wanted
implicit -all?
Vivien