Daniel.Blaser(a)lkw.li wrote:
I'm just trying to get a general feeling again about what the
community thinks about SPF.
Here's my view:
Use DomainKeys instead of SPF. DomainKeys serves the same purpose,
but doesn't share the fundamental brokenness of SPF.
SPF should be avoided because it's fundamentally broken: If you
publish an SPF record with a "-all" directive (if you don't have
that, SPF doesn't allow rejecting forgeries, which makes SPF pretty
pointless IMO) and you send mail to an email account on my mailserver
via a forwarder (RFC1123 requires internet hosts to support mail
forwarding, and it's a relatively widely used feature) your mail will
bounce if my mailserver checks SPF unless I whitelist every host which
forwards mail for one of my users. But that isn't feasible because I
can't expect my users to understand the brokenness of SPF and tell me
about each forwarder someone is using.
Greetings,
Norbert.
--
Norbert Bollow <nb(a)bollow.ch>
http://Norbert.ch
President of the Swiss Internet User Group SIUG
http://SIUG.ch
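
The forwarding failure described in the message above, as an added example that is not part of the original post: a simplified SPF evaluator (only the `ip4` and `all` mechanisms; real SPF per RFC 7208 has more) applied to a direct delivery, a forwarded delivery, and a receiver-side forwarder whitelist. All domains, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation address ranges, hypothetical domain.
SPF_RECORDS = {"sender.example": "v=spf1 ip4:192.0.2.0/24 -all"}
FORWARDER_IP = "198.51.100.25"   # hypothetical host forwarding mail for a user

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from_domain, records=SPF_RECORDS):
    """Evaluate the ip4 and all mechanisms of a published SPF record."""
    terms = records.get(mail_from_domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"                      # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched


def receiver_decision(client_ip, mail_from_domain, forwarders=frozenset()):
    """Receiver policy: reject on SPF fail unless the peer is a known forwarder."""
    if client_ip in forwarders:
        return "accept"                    # SPF skipped for whitelisted forwarder
    result = check_spf(client_ip, mail_from_domain)
    return "reject" if result == "fail" else "accept"


if __name__ == "__main__":
    # Direct delivery from the sender's own outbound host.
    print("direct:   ", receiver_decision("192.0.2.10", "sender.example"))
    # Forwarded: envelope sender is unchanged, but the connecting IP is the
    # forwarder's, which the sender's record does not list.
    print("forwarded:", receiver_decision(FORWARDER_IP, "sender.example"))
    # Same delivery once the receiver has whitelisted that forwarder.
    print("listed:   ", receiver_decision(FORWARDER_IP, "sender.example",
                                          forwarders={FORWARDER_IP}))
```

From the receiver's side the forwarded message and a forgery from an unlisted host are indistinguishable by SPF alone, which is why the whitelist has to be maintained per forwarder.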