On Wed, Nov 28, 2007 at 11:45:29AM -0600, Rick Romero wrote: > >>One thing that bugs me is why we must now implement domainkeys on top > >>of SPF. SPF pretty much does everything domainkeys does but simpler. > > > >Because SPF is a broken hack that doesn't properly accomodate the > >forwarding of email without the use of other complicating hacks > >such as SRS which mangle the sender address. > > > >SPF should have been scrapped years ago. Instead, most large > >organizations use "?all" in their SPF entry (typically because of the > >forwarding problem), putting SPF in advisory mode which negates the > >whole purpose of having it anyway. > > I disagree. > The only way you should be using SPF on the receiving end is as an > additional weight for spam scoring.
Well, perhaps, but that's not how it was originally designed to be used. I don't disagree that it has devolved into just another spam scoring device though. It's not even a very good one, since you can't easily determine if a message is simply being forwarded. As such, the score modifiers tend to be low. -- Dean Brooks [EMAIL PROTECTED]
