On Wednesday 14. February 2007 22:15, Bernard Dugas wrote:
Adrian Ulrich wrote:
And why not use the existing authentication protocol on outgoing smtp server? So the sender can use the smtp server of the provider of its email address from any network and SPF can work without any problem.
How would this solve the forwarding problem?
Sorry, I don't understand the forwarding problem...
http://en.wikipedia.org/wiki/Sender_Policy_Framework
And how are you going to teach everybody to stop doing something that has been working fine for years?
SPF has two major problems:
1. Serious design flaws (such as the forwarding problem).
2. People who don't understand SPF. If the one not understanding it is a mailserver admin, it gets fatal (and lots of them are).
Both lead to legitimate rejected mail (and not just "some" false positives; sometimes complete domains get locked out by mailservers).
So consider....
* Think twice before publishing SPF Records for your Domains. There are admins in the wild who treat "neutral" as "hard fail".
* I use SPF to reject mails with spoofed origins from my private mailserver. The number of rejected mails because of failed SPF checks is less than one percent of all REJECTED email. If I weren't doing it for studies about mail, SPAM and means against it, I'd completely let it be. It's not worth the effort to support a standard which is broken by design and so rarely used.
Michi
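
An added example, not part of the original message: a simplified SPF evaluator (only the `ip4` and `all` mechanisms) run against constructed records, showing the forwarding problem and the "neutral treated as hard fail" misconfiguration mentioned above. The domains, addresses and function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed records on documentation domains/ranges (RFC 2606 / RFC 5737).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",     # anything else: fail
    "example.net": "v=spf1 ip4:198.51.100.0/24 ?all",  # anything else: neutral
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, mail_from):
    """Evaluate the envelope sender's record against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[1]
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism.startswith("ip4:") and ip in ipaddress.ip_network(mechanism[4:]):
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched: default result

def smtp_action(result, reject_on=("fail",)):
    """Receiver policy: which SPF results lead to an SMTP reject."""
    return "reject" if result in reject_on else "accept"

def scenarios():
    # Hypothetical forwarding host; it relays mail with the original
    # envelope sender, but its IP is in neither domain's record.
    forwarder_ip = "203.0.113.5"
    direct = check_spf("192.0.2.10", "alice@example.org")
    forwarded = check_spf(forwarder_ip, "alice@example.org")
    neutral = check_spf(forwarder_ip, "carol@example.net")
    overly_strict = ("fail", "softfail", "neutral")  # the misconfiguration
    return {
        "direct": (direct, smtp_action(direct)),
        "forwarded": (forwarded, smtp_action(forwarded)),
        "neutral_correct": (neutral, smtp_action(neutral)),
        "neutral_as_fail": (neutral, smtp_action(neutral, overly_strict)),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:16} {outcome}")
```

The `forwarded` case is legitimate mail rejected only because the relay kept the original envelope sender; the `neutral_as_fail` case is mail rejected by receiver policy even though the SPF specification requires neutral to be handled like no record at all.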