Damon wrote: > spammers were the first to jump on the SPF band-wagon and > made their domains SPF compliant. Some people pointed to this > as an SPF failure and asked themselves what the point was to > deploy it.
If spammers publish policies resulting in either PASS or FAIL, and send MAIL FROM such domains, it's fine. If other domain owners don't see the point now they'll see it later if their domain is forged... <shrug /> They can also check out BATV in constellations where that's possible - but that won't help receivers flooded with alleged MAIL FROM that domain. > Hopefully this document does not raise the question "What is > the point of deployment?" Of course it does. A DKIM SIGNED isn't the same as SPF PASS, because the latter at least indicates that bounces won't hit innocent bystanders, but otherwise spammers will try to get a DKIM SIGNED like they try to get an SPF PASS. If some folks then whine that DKIM is pointless because smart spammers (try to) deploy it... <shrug /> The real question is if legit senders and more important receivers deploy it - and for what purpose, simplifying abuse reports isn't too exciting. Frank _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
