+1
I'm more focused on the use of SPF (plus DKIM signing) in the context
of phishing.
General rant (not directed at Scott):
As a sender, if I publish a record that ends in -all and you, the
receiver, choose to pass mail claiming to be from one of my domains
(that fails) to one of your end users, I am going to point them in your
direction when they contact me about that phishing email. I can't
force you to any given behavior (King Canute invocation) but I can
make sure that your end users know that I have taken steps to provide
you with clear information as to which IP addresses are authorized to
send mail for particular domains.
agreed and if I do correctly only reject mail hitting -all when it comes from
non-user whitelisted forwarders
and allow all from user whitelisted forwarders
i can if a spoof arrives still point the user at the forwarder they chose to
use as the source problem
...
if i was a provider not whitelisting forwarders
and allowing mail even if matching -all from anywhere
to make up for my incompetence at dealing with forwarders
i would have to accept I was the issue
.................
there simply is no reason for spf to have to alter to deal with forwarders
{being allowed through}
this is entirely down to running a competent receiver
.................
the only place where spf could IMHO be enhanced
is to deal with rejecting some clear spoofs even after whitelisted forwarder
{where forwarder is ignoring spf}
and at idiot receivers not following -all from anywhere due to
inability/unwillingness to whitelist their forwarders
and this is where the hardfail "v=spf1 stuff designating allowed ip's -all"
should be treated differently in spf parsers to the ALWAYSFAIL "v=spf1 -all" or
as i keep suggesting "v=spfx {extrachar}all" or "v=spfx -any"
where the sender is indicating the address doesn't exist anywhere from any ip
i think the parser re-write should be trivial but standardised just an extra
return code to spf1
and if a v=spf3 ever happens {to skip over senderid and possibly incorporate
its functions into spf {to be utilized or ignored by publishers at their
discretion}} it would be nice to have the extra syntax added
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
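
A sketch of the receiver policy argued for in the message above, as an added example that is not code from the poster or from any SPF library: it separates a bare "v=spf1 -all" from a hardfail record that designates IPs, and honours per-user whitelisted forwarders. The function names, the "alwaysfail"/"hardfail" labels as return values, and the sample records and documentation-range addresses are constructed; the SPF result is assumed to come from an existing SPF checker.

```python
import re
from ipaddress import ip_address

MODIFIER = re.compile(r"[A-Za-z][A-Za-z0-9_.-]*=")  # e.g. redirect=, exp=

def classify_policy(record):
    """Return 'alwaysfail', 'hardfail' or 'other' for one SPF TXT record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "other"
    if any(t.lower().startswith("redirect=") for t in terms[1:]):
        return "other"  # policy lives elsewhere; not resolved in this sketch
    mechs = [t.lower() for t in terms[1:] if not MODIFIER.match(t)]
    if not mechs or mechs[-1] != "-all":
        return "other"
    # Every mechanism carries "-": no IP anywhere can get a pass.
    if all(m.startswith("-") for m in mechs):
        return "alwaysfail"
    return "hardfail"

def receiver_decision(record, spf_result, client_ip, user_forwarders):
    """Decide 'accept' or 'reject' for one message.

    spf_result: result string from the receiver's SPF checker (assumed input).
    user_forwarders: set of addresses this recipient whitelisted as forwarders.
    """
    if spf_result != "fail":
        return "accept"  # other results are outside this sketch
    if classify_policy(record) == "alwaysfail":
        # The domain states it sends no mail at all, so a forwarder
        # relaying it is passing on a spoof; reject regardless of whitelist.
        return "reject"
    if ip_address(client_ip) in user_forwarders:
        return "accept"  # fail is expected when a chosen forwarder relays
    return "reject"      # -all honoured for everyone else

if __name__ == "__main__":
    forwarders = {ip_address("198.51.100.25")}       # constructed whitelist
    designated = "v=spf1 ip4:192.0.2.0/24 mx -all"   # constructed record
    for rec, ip in [(designated, "198.51.100.25"),
                    (designated, "203.0.113.7"),
                    ("v=spf1 -all", "198.51.100.25")]:
        print(rec, ip, receiver_decision(rec, "fail", ip, forwarders))
```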