At 04:11 PM 10/20/2008 -0400, Stuart D. Gathman wrote:
On Mon, 20 Oct 2008, David MacQuigg wrote:
Long-term, we need a way to motivate senders like Yahoo to publish their
authorized IP addresses. We cannot reject their messages, but we can send an
SMTP reject with a message like: "Sorry! We cannot guarantee delivery of
this message. yahoo.com does not offer sufficient authentication to prevent
forgery. We will run it through our spam filter, and keep it in our
quarantine, but the recipient may not read it."
Actually, yahoo *does* provide DKIM authentication. The problem is that
DKIM requires receiving the entire message first. We want them
to provide SPF in *addition* to DKIM.
I think most senders will comply after seeing a large number of these
messages. Yahoo may be special, however, since they have a vested interest
in a competing protocol. We've got to sell the idea that its not either-or,
but *both* protocols are needed.
Exactly. DKIM handles 2822 header fields. SPF handles 2821 envelope.
The protocols are complementary, not competing. SPF is super cheap.
So do we have enough "clout" to get Yahoo's attention? My mailflow is way too
small, but I'll bet if everyone on this list who manages a mailserver, starts
sending reject messages like the above, we'll get some action, or at least a
response.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com