spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Sendmail white paper

2004-11-21 10:53:35
from [terry] [Permanent Link] 
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of James 
Couzens
Sent: Sunday, November 21, 2004 7:49 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Sendmail white paper


On Sat, 2004-11-20 at 10:53 -0500, Chuck Mead wrote:

Michael Weiner wrote:

On Sat, 2004-11-20 at 14:14 +0000, Roy Badami wrote:


It seems to be the season for white papers.

Sendmail Inc have released a white paper entitled "Sender
Authentication Deployment Recommendations"

http://www.sendmail.net/tools/Sendmail_Auth_Reco_wp.pdf




Thanks for the URL, and you are right, seems that

Christmas is here

early  :-)


They recommend ~all instead of -all.

Bah! What good is it?


Publishing -all is not wise.  SPF is _BROKEN_ please remember this.
There is much forwarding going on and SPF checks failing, and
the number
of domains publishing is still less than 5% of all domains...

SPF is only broken if you don't have SES installed (or it is contrary to your 
domains policy to
allow forwarding).  Please state all the facts when making a blanket statement 
like that.




SPF can only be accurately used to give an IDEA as to the
legitimacy of
an e-mail.  Any positive or negative action taken based on an
SPF result
is risky business, and I'm disappointed to see people publishing -all,


WRONG:
I admin MANY domains, most are for websites only, and the websites domain 
should never, ever have
emails sent from them.  Any emails from those domains, forwarded or otherwise, 
are forgeries.  Those
domains should and do have -all, to accomodate victims being able to reject any 
email from them.


and further to see people complaining about email being dropped by
servers treating -all in a nazi like fashion and rejecting email which
is clearly legitimate although also clearly a "forgery" in the sense
that it came through a forwarder.



Agreed, the over-zealous are a problem, but mostly they are just hurting 
themselves.



Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085



Cheers,

James

--
James Couzens,
Programmer




      ((__))         __\|/__        __|-|__        '. ___ .'
       (00)           (o o)          (0~0)        '  (> <) '
---nn-(o__o)-nn---ooO--(_)--Ooo--ooO--(_)--Ooo---ooO--(_)--Ooo---
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7A7C7DCF

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in
Atlanta features SPF and Sender ID.
To unsubscribe, change your address, or temporarily
deactivate your subscription,
please go to

http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sendmail white paper, M Z R
Next by Date:  Re: Sendmail white paper, SRS, and forwarding, David Woodhouse
Previous by Thread:  Re: Sendmail white paper, Chuck Mead
Next by Thread:  RE: Sendmail white paper, David Woodhouse
Indexes:  [Date] [Thread] [Top] [All Lists]