spf-discuss
[Top] [All Lists]

RE: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF

2004-11-19 12:07:06
We do NOT publish ?all and never will.

We want everyone to authenticate via our servers.

If they don't authenticate, they don't send e-mail, PERIOD - NO EXCEPTIONS.

Bruce Barnes
ChicagoNetTech Inc

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Vivien M.
Sent: Friday, November 19, 2004 12:57
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Electronic Frontier Foundation (EFF) Article
On Anti-Spam Technologies Mentions SPF


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Stuart
D. Gathman
Sent: November 19, 2004 1:29 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Electronic Frontier Foundation
(EFF) Article On Anti-Spam Technologies Mentions SPF


On Fri, 19 Nov 2004, Vivien M. wrote:

The question then becomes: how do you tell somebody who
feels they are
authorized using the first definition that they can't do what they
want because of a technology using the second definition?
And if that
somebody is your boss, how do convince them NOT to order
you to remove
your SPF deployment?

End your SPF record with ?all.  Problem solved.  I mean, come
on, this is a case of "Doctor! Doctor!  It hurts when I do this!."

Okay, so assuming the IT department is clueful enough to know when ?all
should be published (which we'll say they are, and until I can encounter a
specific one being SPF-clueless, I'll accept that), then it's all good, we
agree there.

But then, why is it that if I dig through the 12000 messages I've received
from this list and my memory thereof, I find various people who seem to be
threatening to blacklist domains that don't publish some form of more
restrictive SPF policy? ISTR (though it's hard to find the actual emails in
the 12000) some people wanting to remove ?all or even threatening to
substitute a -all for every ?all they encounter. It's easy to say "we should
encourage domains to crack down on forgery by being mean to those who lazy
out on their SPFing by publishing ?all", but that's an overly simplistic way
of looking at it. Then again, if you're willing to have lots of false
positives and you're small enough (read: not AOL, Hotmail, or whatever) not
to be able to pressure many others, maybe that doesn't matter as much as I
initially thought it did?

Vivien

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com


<Prev in Thread] Current Thread [Next in Thread>