spf-discuss

Re: Sendmail white paper

2004-11-21 09:53:44
James Couzens wrote:
On Sat, 2004-11-20 at 10:53 -0500, Chuck Mead wrote:

Michael Weiner wrote:

On Sat, 2004-11-20 at 14:14 +0000, Roy Badami wrote:


It seems to be the season for white papers.

Sendmail Inc have released a white paper entitled "Sender
Authentication Deployment Recommendations"

http://www.sendmail.net/tools/Sendmail_Auth_Reco_wp.pdf



Thanks for the URL, and you are right, seems that Christmas is here
early  :-)

They recommend ~all instead of -all.

Bah! What good is it?


Publishing -all is not wise.  SPF is _BROKEN_ please remember this.
There is much forwarding going on and SPF checks failing, and the number
of domains publishing is still less than 5% of all domains...

I am a domain owner. I implemented SPF with -all. I did it because as the owner of the domain I have the *RIGHT* to control the use of my domain name and electronic communication which uses it. I have taken pains to ensure that if someone is trying to forward something that I, or one of my users, wrote, their ability to do so will be limited! I *WANT* to control other persons' ability to use my domain in electronic communications because in my view their use of my domain without direct association with my designated mail servers is an unauthorized use of my domain name and I *WISH* more domain MTAs were checking and rejecting communications purporting to come from my domains that actually do not.

This is my *RIGHT* as a domain owner and I *CHOOSE* to exercise it. Without SPF I do not see *HOW* I could enforce my rights. Thus, in my opinion, SPF is *NOT* broken. It is a tool that I am using to enforce my policy as the domain owner and it works *PRECISELY* the way I need it to in order to exercise the *RIGHTS* I have chosen to exercise!

SPF is *PRECISELY* the correct tool I require to implement the desired controls. SPF is *NOT* broken.

*IF* you are choosing to forward emails bearing my domain name and this causes you a problem perhaps you must realize that *I DO NOT WANT YOU TO BE ABLE TO DO THAT*!

So if a domain owner chooses to implement SPF does a checking MTA need to worry about "so called" "false positive"? Nope... not from my domain... it was and is my intent that an email from moongroup.com et al. must actually be from moongroup.com. Anything else is a pretender and I am happy for you to drop it right square into the bit bucket!

So was I always this draconian in my views? Nope... but the net is no longer a happy place full of fluffy clouds and cotton candy! It has become a place full of dangerous places and persons who are minute-by-minute plotting ugly and nefarious deeds. I have chosen to take one of their trademark tricks away from them! If you do not choose to do the same that is your right but at least do not deny me my rights or tell me my policy is broken when it achieves *PRECISELY* the objective I chose!

--
csm(_at_)moongroup(_dot_)com, head geek
http://moongroup.com

