----- Original Message -----
From: "Jeremy Doupe" <jeremy(_at_)doupe(_dot_)com>
Hector Santos wrote:
People are not publishing -ALL simply because they can't.
Nitpicking I know, but that is simply wrong. As Brian Peterson just
pointed out in the "problems with SPF" thread, people most certainly can
publish -ALL if they know what they are doing.
Good point.
As I stated above, I agree, it was not correct. But I believe I touched on it
in the message. Some of the top key reasons, in my opinion, people are not
publishing -ALL are quite simple:
- They are TOLD to publish ~ALL in the Migration Plan. It is written in
stone at the web site (or it was during its early days).
- I haven't read the latest specs, but it too promoted a neutral policy
until they got their network in order.
- The larger systems want to, but they don't have their network in
order.
- The current ugly "kissing cousin protocol" SRS is not part of
the package, so those with forwarding issues that they know
are real for their system, can only use a neutral/softfail.
I'm sure there are other reasons, but the top is what the SPF Migration Plan
promotes.
Ironically, DKIM is suffering from the same "promotion" and "specification"
related issues and those who have learned from SPF issues with relaxed
provisions are sharing it with the DKIM authors. I hope they listen, because
unlike SPF, DKIM is a payload solution and I'll be damned if I am going to waste
time processing wasteful payload that is filled with exploited DKIM relaxed
policy messages.
In my view, it is ludicrous to try to "close" a loophole by opening other
loopholes without adding anything else into the picture to close those new loopholes.
Digging a hole to get the dirt fill still leaves you with a hole to fill.
You got to cover all the bases, otherwise it will get (and has been) exploited.
Thanks for your comments.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com