At 10:27 PM 6/28/2005 -0700, Greg Connor wrote:
> This raises a serious question - If many domains use these "appliance
> boxes" as their border MTAs, how can we expect *any* IP authentication
> method to work? Are we expecting these appliances to be replaced by
> general-purpose MTAs? I assume there is no chance of modifying their
> proprietary software.
Probably true that it's difficult or impossible to add after-market, but
if enough of their customers ask for it...
In the early days of SPF, we can probably have a noticeable impact even
without getting 100% adoption in the field... I think we can have a
meaningful impact even at 10%. All it takes is some of the big name
receivers -- maybe just a handful -- to start checking SPF and I'm betting
that spammers will start to avoid SPF-protected domains. May not reduce
overall spam at first, but if domain owners see a decrease in forgery
activity, that's something, at least.
Let's be careful not to over-sell SPF as anything more than a piece of the
solution. Without a domain-rating system coupled in, the best you can do
is PASS a few well-known domains that authenticate, and maybe FAIL an even
smaller number where the record says -all. The vast majority will be
"unknown" domains, and whether they authenticate or not, might even
correlate the wrong way with probability of spam. i.e. spammers may be
*more* likely to authenticate their dime-a-dozen names if nobody is
checking reputation.
--
Dave
************************************************************ *
* David MacQuigg, PhD email: david_macquigg at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *