
Re: [spf-discuss] Exclusive v. Open SPF records

2005-09-03 16:31:47

Gaven Henderson wrote:
> My apologies if this has already been discussed.  I'm new to this forum
> and the archives don't support searches.  That said....
>
> Does anybody else think that allowing for non-exclusive (?all) SPF
> records completely kills the goal of Sender Policy Framework?

No.  _Allowing_ for "?all" records makes it easy for domain owners to
adopt SPF without the risk of jeopardizing their mail immediately.

I would agree, however, that actually _deploying_ "?all" records is not 
very useful.  If one understands SPF well enough, one should go "~all" or 
"-all" right away.

> 1.  Non-exclusive SPF records do not improve the status quo in
> identifying spoofed senders.
>
> In other words, if an SPF record allows for a soft fail, then it does
> not allow for a hard fail.

Note that "?" does not mean SoftFail, "~" does.  "?" means "Neutral", 
which is more... well... neutral than SoftFail.

> 2.  Non-exclusive SPF records force domains to publish a list of all
> outbound servers.

Uh, what?  This has nothing to do with "?all" records in particular.  It 
is the general point of SPF.

> 3.  Non-exclusive SPF records make SPF a 'half-ass' solution.  I know
> it's the same basic point but if SPF still allows for spoofed MAIL
> FROMs then it's not solving anything.  While there are some creative
> ways out there for MTAs to handle a soft fail, they all involve [...]

Are you arguing that "~" (SoftFail) is useless/problematic/harmful?  If 
not, I'm not sure what your last point is about.

> Spammers and hackers are smart and aggressive people, if you provide
> them an inch, they will take a mile.

All too true.
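
The difference between the "?all", "~all" and "-all" records discussed in this message, as an added example that is not part of the original post: a Python check that reports which SPF result a record gives a sender matching none of its listed mechanisms. The domains and records are constructed samples, `default_result` and `audit` are hypothetical names, and "Deferred" is this example's own label for a record whose policy sits behind `redirect=`.

```python
# Added example (not from the original message): what does an SPF record
# say about mail from a host that none of its mechanisms list?
QUALIFIER_RESULT = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

def default_result(record):
    """Return (result, note) for a sender that matches no earlier mechanism."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    redirect = None
    for term in terms[1:]:
        low = term.lower()  # mechanism names are case-insensitive
        if low.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        # A mechanism without a qualifier defaults to "+" (Pass).
        qualifier, name = (low[0], low[1:]) if low[0] in QUALIFIER_RESULT else ("+", low)
        if name == "all":
            # "all" always matches; redirect= is ignored when it is present.
            return QUALIFIER_RESULT[qualifier], "explicit " + term
    if redirect:
        return "Deferred", "policy comes from redirect=" + redirect
    # No "all" and no redirect: the result is Neutral, as if "?all" were written.
    return "Neutral", "no all mechanism; implicit ?all"

def audit(records):
    """Map domain -> (result, marks_unlisted). marks_unlisted is True only when
    unlisted senders get SoftFail or Fail, i.e. the record tells a receiver
    something it did not know without SPF."""
    report = {}
    for domain, record in records.items():
        result, _ = default_result(record)
        report[domain] = (result, result in ("SoftFail", "Fail"))
    return report

# Constructed sample records (documentation domains and address ranges).
SAMPLES = {
    "open.example": "v=spf1 mx ip4:192.0.2.0/24 ?all",
    "soft.example": "v=spf1 mx ~all",
    "strict.example": "v=spf1 ip4:192.0.2.10 -ALL",
    "implicit.example": "v=spf1 a mx",
    "bare.example": "v=spf1 mx all",
    "redirected.example": "v=spf1 redirect=_spf.example.net",
}

if __name__ == "__main__":
    for domain, (result, marks) in audit(SAMPLES).items():
        print(f"{domain:20} {result:9} marks unlisted senders: {marks}")
```
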


Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/