Hanish and all, Hamish MacEwan wrote:
On Sun, Jan 25, 2004 at 12:52 +1300, Ewen McNeill wrote:
SPF does seem to be a useful step though, as it'll reduce the number of "joe jobs". And hopefully also encourage more people to set up SMTP AUTH and the like.
This proposal got a once over from some interesting names, Dave Crocker http://www.interesting-people.org/archives/interesting-people/200306/msg0008...
Before one gets too carried away one might want to take a look at http://www.dnso.com/incompetence/ However Dave Farbers comments in his response to D'Crock was quite right...
Brad Templeton, http://www.interesting-people.org/archives/interesting-people/200310/msg0013...
who agrees with Simon and Ewen regarding its benefit,
"It is very worthwhile as a system to stop people from forging your domain in their envelope-from address, and that's good for you, since it might reduce the amount of complaints you get about spam sent in your name."
And points out its limitations...
"In addition, this system can only authenticate the envelope sender domain, not the "From:" header on an E-mail. (If it tried to authenticate the From header, it would break mailing lists and legitimate relays.) As such, it may not even defend against many forgeries. And not have much luck on viruses either."
And Steven M. Bellovin "(Note that although I'm a member of the IESG, I'm speaking as an individual. I'm not even saying how I'd vote if this document were to come before the IESG today -- IESG evaluations are a deliberative process, and I could very easily be talked out of some or all of my points.)" chimes in, http://www.interesting-people.org/archives/interesting-people/200401/msg0003... with a number of points including Don's regarding TXT RR:
"The most glaring problem with SPF is the use of TXT records. TXT records are supposed to be free-form text, with no semantics attached. The use of TXT for test purposes is understandable (though regrettable -- an experimental record type code would be better); the use of TXT records for textual error messages is not. The document itself notes the problem of ordering of multi-record messages."
Ewen
Hamish.
-- I never would believe that Providence had sent a few men into the world, ready booted and spurred to ride, and millions ready saddled and bridled to be ridden. -- Walt Whitman, American poet _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Regards, -- Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!) "Be precise in the use of words and expect precision from others" - Pierre Abelard "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== CEO/DIR. Internet Network Eng. SR. Eng. Network data security Information Network Eng. Group. INEG. INC. E-Mail jwkckid1(a)ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801