Theo Schlossnagle wrote:
I argue that SPF isn't so valuable unless it is ubiquitous.
I still settle for "ubiquitous among spammers" as good enough.
And the SPF concept is very simple, when you mumbled something
about not confusing receivers = users with receivers = admins
it was immediately clear what you meant:
A -> B -> C
a(_at_)A a(_at_)B a(_at_)C three admins, don't know each other
u(_at_)A user @A (me) sending to users @B / @C
u(_at_)A -> u(_at_)B user @B gets MAIL FROM me (u(_at_)A), okay
u(_at_)A ----------> u(_at_)C user @C gets MAIL FROM me, also okay
u(_at_)A -> f(_at_)B -> f(_at_)C f(_at_)B forwards to C, potential
trouble
if both a(_at_)B and a(_at_)C don't know this
or ignore it, and C checks SPF
u(_at_)B and u(_at_)C are boring, that reduces the model to 5 actors,
the three admins, me as sender, and f(_at_)B, the forwarding user.
Plus an attacker X flooding B and C with mails claiming to
be from u(_at_)A, but that's a lie. Without that attacker X the
model would make no sense.
Bye, Frank
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com