[Asrg] SPF, was where the message
Ian Eiloart
iane at sussex.ac.uk
Wed Jan 21 03:06:59 PST 2009
--On 21 January 2009 01:04:27 +0000 John Levine <johnl at taugh.com> wrote:
>>> Don't hold your breath. SPF is dead -- and good riddance, it was a very
>>> stupid idea --
>>
>> So dead that of hotmail.com, gmail.com, mac.com, apple.com,
>> microsoft.com, facebook.com, ebay.com only er..., all of them publish
>> SPF records.
>
> For largely political reasons, Hotmail requires anyone sending a
> significant amount of mail to them to have Sender-ID records.
>
> For senders that are on its whitelist, AOL reverse engineers the IP
> addresses to whitelist from the sender's SPF records, which is way
> easier all around than the former mostly manual system.
>
> Since S-ID falls back to SPF records, most senders just publish one set of
> SPF records for both. Note that neither of these are using SPF for its
> nominal purpose; I'm not aware of any large system that does.
They're using it for whitelisting purposes instead of its nominal purpose?
That's exactly what I'm discussing. I think SPF has a bad reputation in
some quarters because people think of how it breaks forwarding (etc).
That's a shame, because it has huge potential when it comes to
whitelisting, and therefore reducing false positives in filtering.
Heck, a career change isn't the same thing as death!
> R's,
> John
> _______________________________________________
> Asrg mailing list
> Asrg at irtf.org
> http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
x3148
More information about the Asrg
mailing list