spf-discuss

Re: Time to start rejecting on neutral?

2005-05-17 12:40:36

----- Original Message -----
From: "Daniel Taylor" <dtaylor(_at_)vocalabs(_dot_)com>

Relaxed results can get people using the system, and with other tools
(mimedefang, bayesian filtering, etc.) can be useful in any event.

I agree and realize it. But I am afraid that without a written-in-stone
Expiration Policy for Relaxed provisions, it will be exploited. As I
stated, with SPF we attempt to close the "relaxed SMTP" loophole where SMTP
allowed the sender to use any domain. Relaxed SPF policies will take us back
to square one.

The last thing I want to see recurring is this statement in RFC 2821:

| 7.1 Mail Security and Spoofing
|
|    ....
|
|    This specification does not further address the authentication issues
|    associated with SMTP other than to advocate that useful functionality
|    not be disabled in the hope of providing some small margin of
|    protection against an ignorant user who is trying to fake mail.

Well, today, we all know that it is not just a few "ignorant users"
trying to fake mail, but a multi-million, if not billion-dollar, spamming
industry.

Let's not repeat this by wrongly assuming that an SPF relaxed provision will
only be exploited by "a few ignorant users who are trying to fake mail."

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



