Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
OK Daryl,
How do you deal with people forwarding email from another domain when
using SPF?
Marc, please stop for a moment and make sure you have a clear picture
of what you're trying to achieve by this debate which is really close
to turning into a big flame war. If you don't want to do that, at
least stop asking questions meant to find fault in something I've
already said isn't wise to do.
I have no problem at all with people forwarding email. An SPF failure
has little, if any, meaning to me. The only thing I use SPF for is
whitelisting mail sent from authorized systems for a domain, but I've
already said this.
In case you missed that, SPF, like other technologies such as DKIM, is
only useful in all cases for positive authorization. It is NOT
conversely useful. The DKIM camp knows this, but unfortunately some
of the SPF camp appears not to. You appear not to even realize the
utility in authorization at all, positive or negative.
I'm absolutely amazed that someone who claims to have their own
anti-spam system that can accurately determine if mail is ham/spam 95%
of the time without the aid of SA doesn't realize the utility in being
able to accurately assess a domain's reputation (via either local
whitelists/etc or third-party reputation systems).
Anyway... please take a minute to make sure you're actually working
towards achieving some useful goal with this thread and not just
defending some long forgotten goal.
I'm not the one who started this discussion. I did change the subject
line when the pro SPF lobby entered my other thread and moved it off the
topic I was talking about.
So - if you use it for whitelisting - how do you distinguish a good
sender using SPF and a spammer using SPF? Wouldn't you be whitelisting spam?
