Von: Chris Owen [mailto:owenc@hubris.net]
Gesendet: Donnerstag, 3. Dezember 2009 07:25
An: NANOG list
Betreff: Re: AT&T SMTP Admin contact?> It only stops forgery if the SPF record has a -all in it (as
hubris.net does).
> However, a lot of domains (mine included) have a ~all instead.I guess I've never really seen the point of publishing a SPF record if
it ends in ~all. What are people supposed to do with that info?
For instance some ISPs or Freemail providers give their customers the
possibility to use SPF as a value added service to decide if "senders
domain" should be dropped in theirs suspicious-folders or not .
I also learned that SPF is qualified for senders reputation :
http://www.ceas.cc/2006/19.pdf
Spamassassin assigns it a score of 0.6 but that is low enough it really
doesn't have much since it doesn't assign any negative points for
SPF_PASS.
> (And before anybody asks, yes ~all is what we want, and no you can't
ask us
> to try -all instead, unless we're allowed to send you all the
helpdesk calls
> about misconfigured migratory laptops"..
I certainly understand that you may not be able to lock down your
domain. We don't even try for customers for instance. However, if
you can't, I guess I don't really see what good publishing a SPF record
is if you tell people not to enforce it.
MAAWG published a document around : Trust in Email begins with
Authentication
http://www.maawg.org/about/publishedDocuments/MAAWG_Email_Authentication_Pap
er_2008-07.pdf
Chris
-----------------------------------------------------------------------
--
Chris Owen - Garden City (620) 275-1900 - Lottery (noun):
President - Wichita (316) 858-3000 - A stupidity tax
Hubris Communications Inc www.hubris.net
-----------------------------------------------------------------------
--
Cheers
Andre