Hector Santos wrote:
CSV requires far more of an infrastructure change
It's some kind of "web of trust". <shrug /> The real problem
is to get FAILs for unknown strangers that don't play by the
rules, so far only SPF + MTAMARK help with the real problem.
My definition of "real problem" doesn't include weird spammers
trying HELO xyzzy.claranet.de It's okay if that doesn't work
anymore, but so what, the spammer can simply change his HELO.
CSV still suffers from a chicken and egg problem
Sure, but the HELO-checks in SPF are not "better", to put it
mildly. The important point of SPF are forged MAIL FROMs and
a FAIL. The white-list idea of SPF PASS results is the same
hen and egg problem as in any other FUSSP.
Maybe you could see SPF FAIL as hen and PASS as its egg. Now
here could be another self-fulfillig SPF prophecy, I like it.
The day "everyone on the internet uses" CSV and mandates
verifiable FQDN for client machines across the board, is the
day we don't need it any more.
That's the definition of a FUSSP, forget it. SPF works because
spammers are forced to believe in it, what others do is beside
the point.
Bye, Frank