On Tue, 22 Feb 2005, Theo Schlossnagle wrote:
SPF was designed to break [forged email]. Is it forgery? Before SPF it
was an argument, now there is no argument. If I publish -all in _my_
domain and send mail, I have defined forgery as anyone not in that
poliicy attempting to use my domain in the return path of mail they
send. That is the inherent beauty of SPF, if _you_ don't think it is
forgery, then simply publish a record that reflects your wishes. I'll
publish my record.
Amen. Well said. And I might add that publishing no SPF record
at all is effectively a record of "v=spf1 ?all", which is exactly
the 20th century policy of "I and anyone in the world can send my email from
anywhere and as anyone they %$^# well please." So if that floats your boat,
you don't have to do anything.
SPF is a refreshing concept that allows senders to verbalize what _they_
believe should and shouldn't be acceptable use of their domain in the
envelope sender of Internet messages. SPF is expressive and the
Internet is about operating they way you wish -- which is very
symbiotic. If you hate SPF, I think your hatred is misplaced. There is
likely an SPF policy that matches your opinion how others should view
your domain used in an envelope sender.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.