On 10/11/2024 12:49 AM, Matus UHLAR - fantomas via mailop wrote:
> Yes, SPF has drawbacks. But it is still trivial to implement and
> makes DMARC easier to implement as well.

Actually it isn't. And, really, it doesn't.
* It is trivial for a sender to generate an SPF record.
* It is also trivial for them to generate a bad SPF record.
* It is also trivial to generate an SPF record that does not list all
  of the IPs that are authorized to send on behalf of the domain name.
* And, of course, it is trivial for SPF use to produce failures for
  mail that transits relays, never mind intermediaries.
Also, it is not really trivial for a receiver to implement SPF, given
the complexities it specifies.
As for linking it to DMARC, it makes DMARC that much more fragile.
As with many aspects of anti-abuse work, it is trivial to claim one or
another feature of the work is trivial, where fully considering the
details and implications actually is quite far from trivial.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
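
As an added illustration (not part of the original message and not code from its author), here is a static check for a few ways an SPF record can be "bad" and what a receiver has to account for when evaluating it. The specific checks come from RFC 7208 and were chosen for this example; the message does not name them. The `lint_spf` helper and all domain names and addresses are constructed.

```python
import re

# Terms that trigger a DNS query during evaluation (RFC 7208, section 4.6.4).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MECHANISMS = LOOKUP_MECHANISMS | {"all", "ip4", "ip6"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9_.\-]*)([:/=].*)?$", re.I)

def lint_spf(txt_records):
    """Statically check one domain's TXT records; return a list of findings.

    No DNS is queried, so lookups hidden inside include/redirect targets are
    not counted: the real total can only be higher than the one reported.
    """
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple v=spf1 records: receivers return permerror"]
    findings, lookups, saw_all, saw_redirect = [], 0, False, False
    for term in spf[0].split()[1:]:
        m = TERM_RE.match(term)
        if not m:
            findings.append(f"syntax error in term {term!r}: permerror")
            continue
        qualifier, name, rest = m.group(1), m.group(2).lower(), m.group(3) or ""
        is_modifier = rest.startswith("=")
        if saw_all:
            findings.append(f"{term!r} follows 'all' and is never evaluated")
        if is_modifier:
            if name == "redirect":
                saw_redirect, lookups = True, lookups + 1
        elif name not in MECHANISMS:
            findings.append(f"unknown mechanism {term!r}: permerror")
        elif name in LOOKUP_MECHANISMS:
            lookups += 1
        elif name == "all":
            saw_all = True
            if qualifier in ("", "+"):
                findings.append("'+all' authorizes every host on the Internet")
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms: over the limit of 10 (permerror)")
    if not saw_all and not saw_redirect:
        findings.append("no 'all' or 'redirect': unlisted senders get 'neutral'")
    return findings

if __name__ == "__main__":
    # Constructed sample: a typo in a mechanism name plus a permissive 'all'.
    for finding in lint_spf(["v=spf1 ipv4:192.0.2.1 mx +all"]):
        print(finding)
```
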