Stuart D. Gathman wrote:
On Tue, 22 Feb 2005, Theo Schlossnagle wrote:
PF was designed to break [forged email]. Is it forgery? Before SPF it
was an argument, now there is no argument. If I publish -all in _my_
domain and send mail, I have defined forgery as anyone not in that
poliicy attempting to use my domain in the return path of mail they
send. That is the inherent beauty of SPF, if _you_ don't think it is
forgery, then simply publish a record that reflects your wishes. I'll
publish my record.
Amen. Well said. And I might add that publishing no SPF record
at all is effectively a record of "v=spf1 ?all", which is exactly
the 20th century policy of "I and anyone in the world can send my email from
anywhere and as anyone they %$^# well please." So if that floats your boat,
you don't have to do anything.
While true, if you really want to tell the world that you're okay with
your address being spoofed, why not go all the way and add a +all to
your SPF record? Let us know it's not ignorance or apathy but a
conscious choice.
That way when the internet finally snaps into two, a well managed side
and a free-for-all, everybody will know which side you're on.
--
Why is a person who plays the piano called a pianist,
but a person who drives a race car isn't called a racist?