On Sat, Dec 02, 2006 at 07:30:55PM +0000, Julian Mehnle wrote:
> "?all" is for wimps and for those who are unable to clearly define their
> e-mail sending infrastructure (which is bad). I recommend using it only
> while testing your SPF policy.

I disagree. Wimps publish "?shared-host.example" :)
People publishing "?all" only want to authorize certain hosts without
rolling out SPF over the rest of the (not: their) infrastructure.
After all: ?all means "treat the rest as if no policy was published".
These people have understood what is published in RFC4408 very well,
and made a carefully considered decision. They deserve respect for
thinking and playing by the rules.
I disagree with, but respect, people that see more in an SPF policy
than the specification says. A host is authorized or not. It doesn't
matter if there are one, ten or a hundred different entities behind
it, all of which are able to use each other's domains. That's not in
the specification, thus not in the protocol. It is an entirely different
layer of security.
An SPF "PASS" does not mean: "the email is verified". It means
"the host was authorized" and nothing more.
If you unilaterally change the meaning of SPF, you are probably
going to disappoint people; either yourself or others. One example
of interpreting SPF in a way it was not designed for is MS's Sender ID.
alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
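
The qualifier semantics discussed in this message, as an added example that is not part of the original post: a minimal evaluator covering only the `ip4`, `ip6` and `all` mechanisms, showing that `?all` leaves unlisted hosts at "neutral" (which RFC 4408 says must be treated like "none"), while a pass says only that the connecting host was authorized. The function names, records and addresses are constructed for illustration.

```python
import ipaddress

# Qualifier prefix -> result name, as defined in RFC 4408.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(record, client_ip):
    """Evaluate an SPF record, limited to the ip4/ip6/all mechanisms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        else:
            return "permerror"             # outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]   # first match decides the result
    return "neutral"                       # nothing matched: default result

def receiver_view(result):
    # RFC 4408: a Neutral result must be treated exactly like None.
    return "none" if result == "neutral" else result

if __name__ == "__main__":
    # Constructed records: two customers of one shared host (192.0.2.10).
    policies = {
        "a.example": "v=spf1 ip4:192.0.2.10 ?all",
        "b.example": "v=spf1 ip4:192.0.2.10 -all",
    }
    for domain, record in policies.items():
        for ip in ("192.0.2.10", "198.51.100.7"):
            result = check_host(record, ip)
            print(domain, ip, result, "->", receiver_view(result))
```

Both constructed domains yield a pass for the shared host regardless of which customer behind it sent the message; the two policies differ only in what they say about every other host.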