spf-discuss
[Top] [All Lists]

How useful are per-user policies?

2005-05-03 19:37:55
I have a bone to pick with the %{l} macro.

A domain that is publishing such a macro allows in one way or another
that a user of the domain name mess with the domain's reputation.

In the near future, if all goes well, reputation databases will be
possible using the information derived from SPF authorization.

So a simple include:%{l}.whatever means that the domain's reputation
will be affected by the actions of any single user. The case is the same
for a:%{i}.dyndns.mydomain.com (in the SPF policy of mydomain.com)

In my view, publishing %{l} is too high of a risk that the reputation of
the entire domain be tarnished by one single user, during a single
incident. Single-user domains don't have much to lose, as
domain_reputation==user_reputation. But those domains also don't have a
use for %{l} :)

So, how likely is any domain to want a %{l} in their policies after
they've considered all the implications?

If it is dangerous for the large domains, is it less dangerous for the
smaller domains? I think of dangerous in terms of "dangerous for the
domain's reputation".

I regard the pobox.com and listbox.com's SPFs as poorly thought out
policies, and I do not believe that their use of %{l} can be defended
easily.

Regards,
Radu.

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature