Alex van den Bogaerdt wrote:
On Sat, Sep 10, 2005 at 12:38:03PM +0200, David wrote:
- Receivers doing SPF checks, if that header is present, should
interpret it this way:
You are totally missing the point of checking SPF.
The message can be rejected before it is received.
Nothing in the DATA part will help, there will not be a DATA part.
The point of SPF as a sender policy framework is to have a facility in
which we can enforce sender's policies to prefent fraudelent use.
No one is "totally missing the point" by processing the DATA/body phase
of the SMTP transaction. The fact that SPF could be enforced before
DATA was nice, but not that important in practice. For small providers,
it just isn't that much bandwidth and for large providers they are
already doing this. However, SPF having awful (show stopping)
consequences for senders who's mail is forwarded by someone who doesn't
care about SPF means that you can have something mostly useless before
DATA... or something more useful afterwards.
Also, any large provider that blocks outright on SPF in the SMTP phase
needs their head checked. It's a really valuable feature to weigh into
an overall decision, but the other valuable features come from examining
the content in the DATA phase anyway.
My point is that the point of SPF is sender policy on email and no one
"totally misses the point of checking SPF" by only aciting before the
DATA phase. The message can still be rejected after the data phase.
Yahoo! does this all the time as does AOL and I name those providers as
they deal with _billions_ of emails per day -- so if it isn't too
expensive for them and their billion plus emails, I think I'll be just
fine with my lesser bulk.
As for your statement "forwarders abuse other people's names". While I
agree with this on a philisophical level, it simply isn't reality on the
Internet. The time to contest the righteousness of that is over as
contesting it now, regardless the outcome, will not effect the universal
change of behaviour that is needed.
--
Theo
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com