[Asrg] where the message originated (was: DKIM role?) (SM)
Ian Eiloart
iane at sussex.ac.uk
Mon Jan 19 03:55:06 PST 2009
--On 16 January 2009 10:00:17 -0800 SM <sm at resistor.net> wrote:
> At 03:45 16-01-2009, Ian Eiloart wrote:
>> Now, what I'm suggesting (not advocating yet, because I'm not
>> certain that this is right), is that when there's no SPF record
>> published, that we should not feel too bad about bouncing email
>> because the domain administrator isn't taking adequate steps to
>> protect the domain against spam blowback, and against phishing. Of
>> course, I'm NOT suggesting that lack of an SPF record should score
>> very high in any any spamicity measure, but it might count for something.
>
> What does SPF have to do with phishing?
Er, a lot. Would you rather bank with an organisation that published SPF
records, or not? I know I would.
I'd also like an email client that tells me when the From: header domain
doesn't match the return-path domain.
>
> I prefer to take adequate steps to prevent "invalid" bounces. It helps
> me if the postmaster takes adequate steps for me to determine what is
> valid. Some people do not use SPF due to its restrictions on email usage.
>
>> Now, an SPF or DKIM match gives us the huge gain that we can bounce
>> messages selectively based on the content. Some recipients may not
>> want certain message content, but by the
>
> DKIM-signed messages coming through this mailing list cannot be verified.
>
> Regards,
> -sm
> _______________________________________________
> Asrg mailing list
> Asrg at irtf.org
> http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
x3148
More information about the Asrg
mailing list