On Mon, 2006-03-27 at 17:41 -0600, David Nicol wrote:
Having just read the wikipedia page on CSV, I see that CSV relies on these
phantom "reputable accreditation services" which seems to just push the
question
into more vague infrastructure.
No more so than SPF does; it's just a little more honest about it in the
documentation.
SPF prevents 'forgery' of the reverse-path.
CSV prevents forgery of the HELO name.
In the initial phase, you get to reject some mail which blatantly
doesn't match either SPF or CSV. (In the case of SPF you also end up
rejecting valid forwarded mail when you do that, but let's gloss over
that for the moment.)
You already see spammers with SPF passes -- and if either of SPF or CSV
were to become ubiquitous, then spammers would _all_ need SPF or CSV
success in order to get their mail through. Each of them stops being
useful on its own as soon as it starts to succeed
You _need_ the reputation database in that case. The point is that you
now _know_ they are who they claim to be, and you can safely use that as
a key in your reputation database.
It's just that CSV does it better, because it's simpler and it doesn't
have all the false rejections that SPF does.
--
dwmw2
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com