-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Woodhouse wrote:
You already see spammers with SPF passes -- and if either of SPF or CSV
were to become ubiquitous, then spammers would _all_ need SPF or CSV
success in order to get their mail through. Each of them stops being
useful on its own as soon as it starts to succeed
SPF/CSV don't stop "being useful on their own" as soon as they start to
succeed, just like CFC sprays don't stop being harmful to the environment
just because no one uses them anymore.
When SPF or CSV become ubiquitous, of course protected domains will by
definition no longer have an advantage over non-protected domains, but
SPF/CSV will still provide _security_ against potential harm. As soon as
they went away, forgery would return. Perhaps your definition of "useful"
does not include that security, but mine certainly does.
You _need_ the reputation database in that case. The point is that you
now _know_ they are who they claim to be, and you can safely use that as
a key in your reputation database.
True.
It's just that CSV does it better, because it's simpler and it doesn't
have all the false rejections that SPF does.
It's true that CSV is simpler than SPF. However the "false rejections"
depend on what you consider "false". Alias-style forwarding (that
excludes former alias-style forwarders who now use sender rewriting) isn't
such a widely-used practice as many think it to be.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEKK4mwL7PKlBZWjsRAgjqAKDajCFlAUXWb15655rxO2iU6MRL5gCfY690
DYCqzEeErdnAv1QCB7pE7UQ=
=uud/
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com