On Tue, 2004-11-23 at 12:30, David Woodhouse wrote:
Because they don't rely on the whole world suddenly 'upgrading' to do
something like SRS. That's not a realistic requirement, because email
deployment is _slow_ to change.
The whole world doesn't need to suddenly upgrade to SRS. Only people
who want to do inbound SPF checks really need to do that.
If you want to check incoming mail according to the authorizations that
the MAIL FROM domain owner has published via spf then you should:
o Do SPF testing
o Do SRS rewriting, (unnecessary if the unrewritten MAIL FROM would
still pass SPF tests.)
o Allow for per-user whitelists, (with a best-guess algorithm
available for domains who don't publish SPF records.)
If you don't want to check incoming mail according to the authorizations
the MAIL FROM domain owner has published via SPF then you can:
o Do nothing.
In other words, uninterested folks can do without SPF and SRS for as
long as they like.
Now granted there may be market pressure for a person/company to do SPF
and SRS, but..then they're not really an uninterested party any more,
but are operating under the normal business and personal constraints of
meeting business or personal demands/requests or not.
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com