On 2011-07-06 at 05:57 -0700, Lynda wrote: > Well, you would certainly have found me in the opposing and more > intelligent (in my opinion) view supporting the record, and agreeing > with the idea that TXT is meant for, well, text things.
Oh, I agree. But horses departed at speed through barn doors and all that. > records (but 100% of those sites have an equivalent TXT record that is > identical in every way). Good, the specs mandate that. FWIW, I've resisted SPF at all, but where I do have SPF records, they're stored in both SPF and TXT RR types. Mostly the text field within those records just reads "v=spf1 -all" -- I tag all domains which don't send email with that. After all, the failure modes for SPF are that mail is incorrectly rejected; if the idea is that the mail should be rejected anyway, there's no harm done. > One supposes that you *did* read all the messages in this thread, Yes. I was summarising the state of affairs as a generic piece of guidance to those looking at SPF. I tend towards the complete. > I flat *loathe* DKIM. It makes email messages huge, and I find that most > spam (that I see) has either SPF or DKIM records in any case. Until we > get serious about prosecuting spammers, with actual penalties (and > include the companies that they spam *for* in those penalties), it isn't > going to get better. SPF is a band aid, and I'm annoyed about having to > add it, but understand that, due to the way the mailing list I have is > set up, for *this* particular instance, it's vaguely helpful. DKIM doesn't prevent spam as a whole. It does reduce phishing, joe-jobs and other abuse where a legitimate mail domain is fraudulently used. It doesn't prevent homoglyph-style attacks. Rather than use ADSP records for policy rules on rejecting mail, the large mail providers, banks and a few others are part of an industry body (I forget the name) which coordinates lists of domains which only ever send DKIM-signed mail. If mail comes in claiming to be from big-bank-in-usa and it's not validly signed, it gets dropped outright, no matter how good a job was done in crafting the email. DKIM helps the legitimate senders far more than it hurts the bad actors. It's not anti-spam, it is pro-domain-reputation. Reputation can be negative. > [1] I'm retired. I really *like* being retired. I envy you. :) -Phil _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
