spf-discuss

Re: This is ridiculous.

2005-06-08 19:31:15
In <024001c56c67$9c29bee0$6c62fea9(_at_)ibmrkydk2ufvdd> "John Glube" 
<jbglube(_at_)sympatico(_dot_)ca> writes:

Four quick comments:

* MSN/Hotmail has implemented PRA checking based on the SID
framework, using v=spf1 records, in the absence of a
spf2.0, pra policy record. This is contrary to the
recommendation contained in the SPF protocol.

Yes, there are lots of people and programs that do things that are NOT
RECOMMENDED.

* AOL has implemented a dynamic white listing process for
bulk mailers who have published v=spf1 records. 

Good.

To my understanding:

* AOL is using a limited part of the check host function.
AOL is checking the domain in the SMTP mailfrom against
their dynamic white list for filtering purposes only.

That's fine.

* AOL is not rejecting mail because the check results in a
fail. 

Personally, I don't either really.  At least not directly.  I use it
as part of SpamAssassin, and an SPF Fail adds to the spam score.  I
happen to run SA during the SMTP process via SA-exim, so these
failures could cause a reject.

I used to reject based on SPF failures, but as part of running the
T-FWL, I figure that I need to be a little more forgiving.


* Please read the concerns raised by the head of anti-abuse
at Outblaze on Circle ID and the related references.
http://www.circleid.com/article/1039_0_1_0_C/

I have posted that article to this list before.

I have a lot of respect for Suresh, but on the subject of SPF, he has
shown a great deal of ignorance about how it works.  Granted, this was
a rant he made after requesting to be placed on the T-FWL, so as an
email forwarder, he may not have been happy about having to change.


Finally, ask yourself this question. 

The head of anti-abuse at Outblaze wrote a report for the
OECD setting out "Actions Required by Developing Economies
Against Spam." http://www.circleid.com/article/1095_0_1_0_C/

Now, if SPF is the great white knight, why in his role as
consultant to the OECD did he not recommend that ISPs in
developing countries start implementing SPF? 

Well, not understanding SPF is certainly a good reason to not
recommend it.  His reason for removing SPF records from "some" (but
not all?) of his domains appears to have been political, rather than
technical. 



Because, I would suggest, it is his considered opinion,
based on the problems with all the edge cases, he considers
that SPF/SIDF will do more harm than good for email at
large.

Please note, I don't wish to put words in anyone's mouth. I
suggest you read the referenced material on CircleID.com
and draw your own conclusions.

That isn't the conclusion I would draw.


-wayne