Ok.. let me chime in here for a second.. I have NEVER requested to
receive ANY of the e-mails I receive every day... does that mean they
should be blocked? Non.. most of them I want to receive! When
Michael, in the cubical next to me, e-mails me some instructions for
the xxxxxxx, I want those... even though I didn't request them.
Further, the e-mail address was not 'faked'. The user was using
e-bay's SMTP server and SMTP client (web interface). It was not
'faked' any more then it would be if you used webmail someplace.
So is it a forgery if userA is on ISPB and wishes to send an e-mail
out as userA, even though ISPB blocks (as well they should) port 25?
Definately not!
On 5/2/05, Roger B.A. Klorese <rogerk(_at_)queernet(_dot_)org> wrote:
On Mon, 2 May 2005, Andrew Gutkowski wrote:
I work for a college. To our institution, a legitimate email is one
that was requested by the user.
I'm sure your user did not ask for mail to be sent to them from a faked
email address.
You may choose not to use SPF because it blocks "user-consented forgeries"
that your users wish to receive. But it's clearly not the long-term
solution to the problem of forgery that we continue to allow any system to
send mail as anyone just because "it's never been prevented before."
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper! http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com