Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)

[erik@zoneedit.com (Erik Aronesty)]

Isaac To <iketo2@netscape.net> wrote in message news:<2ooJh-6zI-17@gated-at.bofh.it>...
> >>>>> "Erik" == Erik Aronesty <erik@zoneedit.com> writes:
> 
>     Erik> (1) In the real world, however, ISP's will use SPF to filter
>     Erik> mail and end users don't know their asses from their elbows
>     Erik> when it comes to "normal delivery paths".  So SPF filtering
>     Erik> *will* break a lot of legit mail.
> 
> Then your campaign should be asking ISPs not to directly filter out
> mails without your knowledges based on SPF.

True!  Do you know anyone over at AOL?  They seem to be promoting
SPF...

>     Erik> Small business users with shareware mail servers are going
>     Erik> to patch their mail servers with SRS?  Perhaps.  Perhaps
>     Erik> not.
> 
> I do think so as long as its users is using forwarding like .forward,
> once the hurt is being felt by its users.  The fault is that SRS is
> not used, and the business has no actual power to stop others to put
> out SPF records.

A good SPF filter will allow you to accept forwarded mail from non SRS
servers by listing the servers that you accept forwarded mail from.

SPF does not make it clear in the specification that it is to be used
by end-users/MUA's *only*, and that SPF filtering *must* be
configurable by the end user so the end user can turn on acceptance of
SRS rewritten headers from some sources (.forward) and not others
(throwaway domains).

This should be added to the specification immediately.