On Wednesday 14. February 2007 22:15, Bernard Dugas wrote:
Adrian Ulrich wrote:
And why not using the existing authentication protocol on outgoing smtp server?
So the sender can use the smtp server of the provider of its email address
from any network and SPF can work without any problem.
How would this solve the forwarding problem?
Sorry, I don't understand the forwarding problem...
http://en.wikipedia.org/wiki/Sender_Policy_Framework
> And how are you going to teach everybody to stop doing
> something that has been working fine for years?
SPF has two major problems:
1. Serious design flaws (such as the forwarding problem).
2. People who don't understand SPF. If the not-understanding is a
mailserver admin it gets fatal (and lots of them are).
Both lead to legitimate rejected mail (And not just "some" false
positives, sometimes complete domains get locked out by
mailservers).
So consider....
* Think twice before publishing SPF Records for your Domains.
There are admins in the wild who treat "neutral" as "hard fail".
* I use SPF to reject mails with spoofed origins from my private
mailserver. The number of rejected mails because of failed SPF
checks is less than one percent of all REJECTED email. If I
wouldn't be doing it for studies about mail, SPAM and means
against it I'd completely let it be. It's not worth the effort
to support a standard which is broken by design and so rarely
used.
Michi
--
George Orwell was an optimist.
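
Added illustration, not part of the original message: a minimal SPF evaluator covering only the `ip4`/`ip6`/`all` mechanisms, showing why a forwarded message fails a `-all` policy and how a receiver that maps "neutral" to reject loses legitimate mail. The function names, the records and the documentation-range addresses are constructed for this example.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """Evaluate the ip4/ip6/all subset of an SPF record against the connecting IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
        # a, mx, include, redirect etc. need DNS lookups and are skipped here
    return "neutral"                       # nothing matched: default result

def smtp_action(result, neutral_is_fail=False):
    """Receiver policy. neutral_is_fail=True models the misconfiguration
    the message warns about; the SPF spec says neutral is handled like none."""
    if result == "fail" or (neutral_is_fail and result == "neutral"):
        return "reject"
    return "accept"

# Constructed sample data (RFC 5737 documentation addresses)
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"    # sender domain, hard fail
NEUTRAL_RECORD = "v=spf1 ip4:192.0.2.0/24 ?all"   # sender domain, neutral
SENDER_MTA = "192.0.2.10"      # the domain's own outgoing server
FORWARDER_MTA = "198.51.100.7" # third-party forwarder keeping the envelope sender

if __name__ == "__main__":
    for label, rec in (("-all", STRICT_RECORD), ("?all", NEUTRAL_RECORD)):
        for hop, ip in (("direct", SENDER_MTA), ("forwarded", FORWARDER_MTA)):
            res = spf_check(rec, ip)
            print(f"{label:5} {hop:9} -> {res:8} "
                  f"correct={smtp_action(res)} "
                  f"misconfigured={smtp_action(res, neutral_is_fail=True)}")
```

The forwarded hop connects from an address the sender's record never listed, so the `-all` domain is rejected after forwarding, and the `?all` domain is rejected only by the receiver that treats neutral as a failure.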