From: "Scott Kitterman" <spf2(_at_)kitterman(_dot_)com>
I can't speak for anyone else, but since I've published a -all record, the
number of bounce messages I've gotten due to forgery of my domain names
has
gone to essentially zero (about one per week rather than dozens/hundreds
per
day). SPF works to do what it was designed to do. Reputation has NOTHING
to do with it.
I've been saying since day one - Relaxed polices are bad and it invites
trouble. As long as the relaxed provisions is around, SPF will always be
plaqued with the same issues that SMTP had with its loopholes for decades.
SPF has help closed a hole in SMTP, yet, left a window cracked open. It
never made sense to me.
In my opinion, I highly suggest at the next opportunity to begin having a
"limited" or expiration concept for the relaxed provisions. Allow them for
legitimate systems to migrate, but it can't be a perpetual policy.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com