spf-discuss

RE: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF

2004-11-19 12:08:27
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Vivien M.
Sent: Friday, November 19, 2004 1:57 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF


But then, why is it that if I dig through the 12000 messages I've received
from this list and my memory thereof, I find various people who seem to be
threatening to blacklist domains that don't publish some form of more
restrictive SPF policy? ISTR (though it's hard to find the actual emails in
the 12000) some people wanting to remove ?all or even threatening to
substitute a -all for every ?all they encounter. It's easy to say "we should
encourage domains to crack down on forgery by being mean to those who lazy
out on their SPFing by publishing ?all", but that's an overly simplistic way
of looking at it. Then again, if you're willing to have lots of false
positives and you're small enough (read: not AOL, Hotmail, or whatever) not
to be able to pressure many others, maybe that doesn't matter as much as I
initially thought it did?

Vivien

Because I am concerned about deploying an SPF record that would enable
another legitimate user of one of the shared MTAs that I send mail through
to forge my domain, my SPF record has a lot of ?mechanisms in it.  My record
is designed to primarily avoid the FAIL (-all) at the end.

So, almost all the messages that I send get a NEUTRAL result when evaluated
for SPF.

So far, I've had one message rejected because of a NEUTRAL result.  Contact
with the party in question revealed that to be the result of a configuration
error, not an intentional policy.

I do recall someone posting that they were rejecting NEUTRAL results for AOL
since AOL's SPF record will generate a PASS for mail sent from AOL's MTAs
and AOL is so commonly forged.

I also recall others suggesting that this would be a good idea in the
future.

So far, I don't think it's much of an issue based on my experience.

My view is we should do what the spec (whichever one that turns out to be)
says on receipt so that domain owners can predict the impact of publishing
the records.  Anything else is a recipe for further chaos.

Scott Kitterman
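To make the qualifier behaviour both posts argue about concrete, here is a small SPF evaluator added as an illustration; it is not code from the list, from Scott or from Vivien. It handles only the `ip4` and `all` mechanisms with the four qualifiers, and every address is a constructed RFC 5737 documentation address. The record it checks is shaped like the one Scott describes: his own server gets `+`, the shared MTAs get `?`, and everything else gets `-`. It also models the receiver behaviour Vivien worries about, a receiver treating a trailing `?all` as `-all`, to show what that does to a legitimate message sent through a shared MTA.

```python
import ipaddress

# Result produced when a mechanism carrying this qualifier matches (RFC 4408, section 4.6.2).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_record(record):
    """Parse a v=spf1 record into (qualifier, mechanism, argument) tuples.

    Only 'ip4' and 'all' are supported; anything else raises so that an
    unsupported record is never silently misjudged.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            parsed.append((qualifier, "all", None))
        elif name == "ip4":
            parsed.append((qualifier, "ip4", ipaddress.ip_network(arg, strict=False)))
        else:
            raise ValueError(f"unsupported mechanism: {name}")
    return parsed


def check_host(record, client_ip):
    """Evaluate the record against the connecting IP.

    Mechanisms are tested left to right and the first match decides the
    result through its qualifier. If nothing matches (no trailing 'all'),
    the default result is 'neutral' (RFC 4408, section 4.7).
    """
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, arg in parse_record(record):
        if name == "all" or (name == "ip4" and ip in arg):
            return QUALIFIERS[qualifier]
    return "neutral"


# Constructed scenario (documentation addresses, not real hosts):
# the domain owner's own server, a shared MTA range used by many customers,
# and an unrelated host.
OWN_SERVER = "203.0.113.10"
SHARED_MTA_RANGE = "198.51.100.0/24"
RECORD = f"v=spf1 ip4:{OWN_SERVER} ?ip4:{SHARED_MTA_RANGE} -all"


def scenario(record=RECORD):
    """Results for the senders discussed in the thread, keyed by description."""
    return {
        "owner via own server": check_host(record, OWN_SERVER),
        "owner via shared MTA": check_host(record, "198.51.100.25"),
        "other tenant on shared MTA forging the domain": check_host(record, "198.51.100.77"),
        "unrelated host": check_host(record, "192.0.2.5"),
    }


def rewrite_neutral_all_to_fail(record):
    """Model a receiver that substitutes '-all' for a published '?all'."""
    terms = record.split()
    if terms and terms[-1].lower() == "?all":
        terms[-1] = "-all"
    return " ".join(terms)


if __name__ == "__main__":
    for who, result in scenario().items():
        print(f"{who}: {result}")
    lazy = "v=spf1 ip4:203.0.113.10 ?all"
    print("published ?all, owner via shared MTA:", check_host(lazy, "198.51.100.25"))
    print("receiver rewrote ?all to -all:",
          check_host(rewrite_neutral_all_to_fail(lazy), "198.51.100.25"))
```

The point the two results make: with `?ip4` on the shared range, both the domain owner and another customer of that MTA get NEUTRAL, so the record never vouches for mail the owner did not send, and the trailing `-all` is only reached by hosts outside both ranges. A receiver that quietly turns `?all` into `-all` rejects the owner's own legitimate mail from the shared MTA, which is exactly why evaluating according to the spec rather than local policy keeps the published record's effect predictable.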

