On Saturday 02 December 2006 23:35, Alex van den Bogaerdt wrote:
Indeed. And, like in the rest of the world, you can't get rid of
every and all forgeries. But you can try, try hard, or not try
hard enough.
It seems to me that what you are arguing about is what the policies of domain
name based RBL operators should be.
You are arguing that they should be reasonable.
I would agree that they should be reasonable.
They aren't a major factor currently, so we don't know how that will work out
in practice. Given the way some IP based lists are run, I don't have a great
deal of confidence that they will be consistently reasonable.
I aim not to find out the hard way. That's why I don't give a Pass when
forgery is possible given normal system operations. I'd rather take the risk
that some messages don't get accepted because they are given a Neutral SPF
result.
Other people would prefer to accept the cross-user forgery risk (which is
admittedly currently small). I don't have a problem with that. It's a trade
off domain owners need to make.
Scott K
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735