-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chuck Mead wrote:
We keep talking about this as though there is nothing wrong with
bouncing
Just to set things straight: _nowhere_ have I implied that there was
nothing wrong with sending bounces to unauthenticated sender addresses.
and as though we're concerned about implementation like spamassassin.
We should, because those implementations would not necessarily be
incompliant (i.e. if they do things right), unless we explicitly declare
them so. Projects like SpamAssassin will discover that there _is_ a way
to do things right past SMTP time[1], and thus implement SPF, like it or
not.
In this regard, this issue is very much unlike the "checking against other
identities" issue, where there is simply no way to do things right.
Footnotes:
1. Doing things right past SMTP time means: using reliable identities,
not generating bounces, etc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFChhn1wL7PKlBZWjsRAqGMAJ4+WHNo+YwRurJDOf2Bdu460oQY5ACfQWMe
zvscxqddZPM7eKwak8Yvr4I=
=Hyq8
-----END PGP SIGNATURE-----