On Mon, 14 May 2007, Frank Ellermann wrote:
Julian Mehnle wrote:
I also added a brief explanation of why the "implicit MX" rule
is problematic.
No problem with that brief explanation, but it doesn't convince
me that there is a problem. You argue that most domains have an
IP and therefore fall under the "implicit MX" rule. I'd argue
that most domains have an explicit MX, and therefore can't muddy
the waters.
Validating the "existence" of a domain by merely looking if it
has an MX (or lacking that an IP) won't help you long wrt spam,
professional spammers can arrange to survive this validation.
A part of the SPF FAIL philosophy is built on the assumption that
professional spammers prefer to abuse addresses surviving "call
back verification" (IOW real addresses), and that FAIL-protected
addresses aren't "good enough" for these professional spammers,
because checking (and rejecting) SPF FAIL is cheaper than CBV.
SPF is *not* for "stopping spam". It is for determining whether the domain
owner has authorized an IP address to send mail. The A mechanism identifies
ips by means of A and AAAA records. The MX mechanism identifies ips by means
of MX records (and the A and AAAA records they refer to). Enough said. The
"implicit MX rule" is pointless for SPF because the domain in question is
*sending* mail, *not* receiving it.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com