spf-discuss

[spf-discuss] Re: SPF basics commentary

2007-01-28 06:48:38

Don Lee wrote:
> Frank Ellermann wrote:
> > Don Lee wrote:
> > > It does not provide enough information to make a definitive judgement
> > > about whether email is "legit" - and it never will.
> >
> > It can be used to make this judgement.  If you get a PASS claiming to
> > be MAIL FROM "me", and you know "me" (in your address book or another
> > kind of white list), then the mail was likely sent by "me" (or by a
> > zombie on my box, or by another customer of the same ISP, etc.), but
> > you can ignore this and hold "me" responsible if it's spam, and let
> > "me" figure out how to convince my ISP to prevent other users of this
> > ISP from forging my MAIL FROM.
>
> This is all true, but ultimately the definition of "legit" often hinges
> on the definition of "unwanted", which is subjective.  Ultimately,
> neither SPF - nor any other purely technical means - is sufficient.

The difference between Frank and Don here is their use of the word
"legitimate".  Don means "the message is not spam" (or "not unwanted").  
Frank means "the message's identity is not forged".

Obviously, SPF cannot, and hasn't been designed to, detect whether a 
message is spam or otherwise unwanted.  However, it _can_, and has been 
designed to, detect whether the message's sender identities are forged.

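The address-book reasoning quoted above, and the distinction between "not forged" and "not spam", as an added example that is not part of the original message: it parses a Received-SPF header (the trace header defined in RFC 4408) and combines the result with an address book. The function names, verdict labels and sample headers are constructed for illustration, and the header is assumed to have been added by the receiver's own MTA, not carried in from outside.

```python
import re

# The seven SPF results defined in RFC 4408, lowercased.
SPF_RESULTS = {"pass", "fail", "softfail", "neutral", "none",
               "temperror", "permerror"}

def parse_received_spf(value):
    """Return (result, {key: value}) from the text after 'Received-SPF:'."""
    value = " ".join(value.split())                 # unfold continuation lines
    m = re.match(r"(\w+)", value)
    result = m.group(1).lower() if m else ""
    if result not in SPF_RESULTS:
        raise ValueError("not an SPF result: %r" % value[:20])
    # Drop the human-readable comment (non-nested parentheses only).
    rest = re.sub(r"\([^()]*\)", " ", value[m.end():])
    pairs = {}
    for key, val in re.findall(r'([A-Za-z][\w.-]*)\s*=\s*("[^"]*"|[^;\s]+)', rest):
        pairs[key.lower()] = val.strip('"<>')
    return result, pairs

def judge_identity(header_value, address_book):
    """Classify the MAIL FROM identity. No verdict says 'spam' or 'not spam'."""
    result, kv = parse_received_spf(header_value)
    sender = kv.get("envelope-from", "").lower()
    if result == "pass":
        # Identity is authentic; whether the sender is wanted is a local decision.
        return "authenticated-known" if sender in address_book else "authenticated-unknown"
    if result == "fail":
        return "forged"                             # domain disowns this client IP
    return "unverified"                             # SPF asserts nothing either way

def sample(result, ip, sender):
    """Build a constructed header value in the RFC 4408 layout."""
    return ("%s (mx.example.net: SPF check for %s from %s)\n"
            "    receiver=mx.example.net; client-ip=%s;\n"
            "    envelope-from=<%s>; helo=mail.example.org;"
            % (result, sender, ip, ip, sender))

ADDRESS_BOOK = {"alice@example.org"}                # constructed allow list

if __name__ == "__main__":
    for res, ip, who in [("Pass", "192.0.2.10", "alice@example.org"),
                         ("Pass", "192.0.2.99", "bulk@example.com"),
                         ("Fail", "198.51.100.7", "alice@example.org"),
                         ("Neutral", "203.0.113.5", "alice@example.org")]:
        print(res, who, "->", judge_identity(sample(res, ip, who), ADDRESS_BOOK))
```
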