spf-discuss
[Top] [All Lists]

Re: spf with online forms

2005-05-02 13:47:11
Ok.. let me chime in here for a second.. I have NEVER requested to
receive ANY of the e-mails I receive every day... does that mean they
should be blocked?  Non.. most of them I want to receive!   When
Michael, in the cubical next to me, e-mails me some instructions for
the xxxxxxx, I want those... even though I didn't request them.

Further, the e-mail address was not 'faked'.  The user was using
e-bay's SMTP server and SMTP client (web interface).  It was not
'faked' any more then it would be if you used webmail someplace.

So is it a forgery if userA is on ISPB and wishes to send an e-mail
out as userA, even though ISPB blocks (as well they should) port 25?  
Definately not!



On 5/2/05, Roger B.A. Klorese <rogerk(_at_)queernet(_dot_)org> wrote:
On Mon, 2 May 2005, Andrew Gutkowski wrote:

I work for a college.  To our institution, a legitimate email is one
that was requested by the user.

I'm sure your user did not ask for mail to be sent to them from a faked
email address.

You may choose not to use SPF because it blocks "user-consented forgeries"
that your users wish to receive.  But it's clearly not the long-term
solution to the problem of forgery that we continue to allow any system to
send mail as anyone just because "it's never been prevented before."


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your 
subscription,
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com



<Prev in Thread] Current Thread [Next in Thread>