On Mon, 15 Nov 2010 11:30:59 -0500 Michael Scheidell <michael.scheid...@secnap.com> wrote:
> So, SPF works, if EVERYONE FOLLOWS THE RFC'S AND BEST PRACTICES.

Not really. SPF is too weasely. If the SPF authors really wanted a useful standard, then:

1) The only return codes would have been "pass", "fail", "none" and "error"

2) +all, ?all and ~all would not exist.

3) The spec would prohibit creating SPF records that cover "too large" an address space. Microsoft already abuses this; I believe it has SPF records with a /14 in them. This simply indicates an organization whose email infrastructure is out of control. If your SPF records cover more than a /16, you're either incompetent or malicious.

Tightening SPF would force people who publish SPF records to batten down their email infrastructure so they actually have control. It means that freemail providers like Hotmail who really have no control over their senders would not publish SPF records rather than publishing useless ones that contain ~all. And it means that people who check SPF records could be confident that the people publishing know what they are doing.

As it stands now, the SPF spec permits so much waffling that it might as well not be used.

Regards,

David.
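Added example, not part of the message above and not code from any SPF implementation: an offline audit that applies the message's second and third criteria (no +all, ?all or ~all; no more than a /16 of address space) to a published record. The name `audit_spf`, the sample records and their address ranges are constructed; reading "more than a /16" as the merged total across `ip4:` terms is an assumption, and `include:` and `redirect=` targets are reported rather than resolved.

```python
import ipaddress

SLASH_16 = 2 ** 16  # address count of a /16, the ceiling named in the message

def audit_spf(record):
    """Return findings for one SPF record string (no DNS lookups are made)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF version 1 record"]
    findings, nets, has_all, has_redirect = [], [], False, False
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        body = body.lower()
        if body == "all":
            has_all = True
            if qualifier != "-":
                findings.append(f"weak catch-all: {qualifier}all")
        elif body.startswith("ip4:") and qualifier == "+":
            try:
                nets.append(ipaddress.IPv4Network(body[4:], strict=False))
            except ValueError:
                findings.append(f"unparseable term: {term}")
        elif body.startswith("redirect="):
            has_redirect = True
            findings.append(f"not expanded (needs DNS): {term}")
        elif body.startswith("include:"):
            findings.append(f"not expanded (needs DNS): {term}")
    if not has_all and not has_redirect:
        findings.append("no 'all' term: unmatched senders evaluate to neutral")
    # Merge overlapping and adjacent ranges so addresses are counted once.
    total = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    if total > SLASH_16:
        findings.append(f"ip4 terms authorize {total} addresses, more than a /16")
    return findings

# Constructed sample records; the address ranges are placeholders.
SAMPLES = {
    "tight": "v=spf1 ip4:192.0.2.0/24 -all",
    "softfail-wide": "v=spf1 ip4:10.0.0.0/14 ~all",
    "split-wide": "v=spf1 ip4:10.0.0.0/17 ip4:10.0.128.0/17 ip4:10.9.0.0/24 -all",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, audit_spf(rec) or "ok")
```

The "split-wide" sample shows why the ranges are merged before counting: no single term is wider than a /17, yet together they exceed a /16.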