>> The edge mailers are not smart enough to process SPF yet. (Actually
>> an SPF switch exists but their implementation is known to have some
>> problems and can't be adjusted, whitelisted, etc. This is an
>> appliance box.) Most important, their implementation of SPF doesn't
>> allow for logging only, the only choice is to reject.
What I meant to say was, the appliance box technically *does* support SPF,
but I don't trust its implementation completely, and it's not great for
getting data (i.e. for research) out of. But I have a feeling that if
other folks running MTAs that they can control come up with some compelling
numbers, then the appliance vendors will rush to provide at least basic SPF
support so they can have the checkbox on the features matrix.
> This raises a serious question - If many domains use these "appliance
> boxes" as their border MTAs, how can we expect *any* IP authentication
> method to work? Are we expecting these appliances to be replaced by
> general-purpose MTAs? I assume there is no chance of modifying their
> proprietary software.
Probably true that it's difficult or impossible to add after-market, but if
enough of their customers ask for it...
In the early days of SPF, we can probably have a noticeable impact even
without getting 100% adoption in the field... I think we can have a
meaningful impact even at 10%. All it takes is some of the big name
receivers -- maybe just a handful -- to start checking SPF and I'm betting
that spammers will start to avoid SPF-protected domains. May not reduce
overall spam at first, but if domain owners see a decrease in forgery
activity, that's something, at least.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>