spf-discuss
[Top] [All Lists]

RE: [spf-discuss] Re: SPF TXT Questions re Effectiveness

2006-12-02 21:04:52
-----Original Message-----
From: Julian Mehnle [mailto:julian(_at_)mehnle(_dot_)net] 
Sent: zaterdag 2 december 2006 22:02
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Re: SPF TXT Questions re Effectiveness


Well, fine, then I'm going to just assume that "the host was
authorized" and _still_ apply domain-based reputation. If a
domain authorizes hosts to send abusive e-mail on their behalf,
they _will_ get blacklisted, no matter the amount of semantical
hair-splitting you throw at it.

+1

SPF greatly strengthens domain-based reputation, because the receiver (on
"pass") can now say, with certainty -- DNS hijacks and such
notwithstanding -- that the use of the domain name in envelope-from / HELO
is authorized. In fact, this is a FAQ kinda thing, like: "Won't spammers
just use SPF too?" Where the answer is something like: "Please, let them
do so! then we can use domain-name blacklisting again!"

An SPF "PASS" does not mean: "the email is verified". It
means "the host was authorized" and nothing more.

"the host was authorized"... to use a domain name. :) In the strictest
sense, SPF is not about content. And it really isn't. But should abusive
content nonetheless be sent, and the receiver can tie it to an
SPF-certified use of a domain name, then you can bet people WILL
eventually block the domain. Easy peasy.

But this has, at the heart of the matter, very little to do with SPF.
People would just be using the authorized domain as one of many possible
reliable 'markers' (like a connecting IP address) to block the spam.

On a whole, how can we even argue about SPF-checks and reputation? The
entire purpose of SPF is about reputation: to protect the "good" one of
the domain owner. That repution, as anywhere else in the world, is only as
good as what he's sending. That's a sound principle, always, with or
without SPF.

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735

<Prev in Thread] Current Thread [Next in Thread>