[Asrg] where the message originated (was: DKIM role?) (SM)
Ian Eiloart
iane at sussex.ac.uk
Mon Jan 19 03:12:55 PST 2009
--On 16 January 2009 08:51:57 -0500 Dotzero <dotzero at gmail.com> wrote:
> On Mon, Jan 12, 2009 at 6:33 AM, Ian Eiloart <iane at sussex.ac.uk> wrote:
>>
>>
>> Actually, it occurred to me that we have mechanisms whereby domain owners
>> can prevent abuse of their domains (SPF and DKIM). Therefore, we should
>> feel free to bounce email to any domain owner the doesn't deploy SPF and
>> DKIM - in order to encourage them to do so. Of course, bouncing email is
>> also OK when you find an SPF or DKIM match.
>>
>
> Ian, the correct way of phrasing it is that SPF and DKIM can MITIGATE
> (my emphasis) certain types of abuse of their domains.
>
> I would also point out that someone could deploy an SPF record with a
> +all. How does that prevent anything?
It doesn't prevent anything. SPF records don't prevent anyone attempting to
forge email.
Of course, if you publish an SPF record with +all, then nobody here is
going to argue that I shouldn't bounce email into your domain, are they?
And, my guess is that domains with such records are going to find it hard
to deliver email to anyone. In the end, it will be equivalent to publishing
an SPF record with "-all".
And, it's not all or nothing. The more liberal your SPF record, the sooner
you'll find that people stop accepting ANY email from you.
> _______________________________________________
> Asrg mailing list
> Asrg at irtf.org
> http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
x3148
More information about the Asrg
mailing list