spf-discuss
[Top] [All Lists]

Re: Andy Newton says: FTC Dismisses SPF

2005-06-26 12:29:03
On Sat, 2005-06-25 at 08:23 -0700, Dave Crocker wrote:
The requirement for cross-net query, in order to perform validation, is
massive increment in overhead from the basic algorithm used by BATV.

The cross-net query isn't _required_ in order to achieve the same
benefits as BATV alone. It's an adjunct. 

But you're right about the complexity, which is why I still think it
would make sense for it to be entirely othogonal -- I suggested
documenting the UDP-lookup mechanism separately as a lightweight
alternative to the SMTP callbacks would be required in order for BATV to
prevent joe-jobs. It's useful in any situation where SMTP callbacks
would be useful; for confirming _any_ kind of address, not just BATV/SES
addresses.

And yes, the RFC2822 ideas were IMHO unnecessary additional complexity
which merely serve to muddy the waters. They should be dropped as far as
I'm concerned.

-- 
dwmw2