On Mon, Mar 08, 2004 at 03:40:11PM -0800, Mark C. Langston wrote:
> Yes, SPF is titularly "just another scoring system." However, the
> existence of "-all", and the checks performed before the message is even
> completed, much less spooled, makes it less of a scoring system and more
> of a distributed blocklist.
I prefer to think of SPF as a distributed whitelist, of envelope sender
messages _only_. It does not mean I'll whitelist the message!
Eventually, I won't send bounces unless SPF returned an OK. This does
not mean I will block messages from everyone else (nor does it mean I
_won't_ do that).
I wouldn't be surprised if a method similar to spamassassin will be used:
if the message is suspect, wrap it in another envelope with a note
similar to:
This message is likely send using a forged email address. Replying
to it may result in sending a message to an innocent third party.
The original message is attached without modification.
SPF-Query result: a.b.c.d is not a designated source of mail
for domain example.tld
sincerely, your postmaster
The end result is that the local postmaster is sending the message to
the local user. Bounces, if any, will go to the postmaster (process)
in stead of the innocent third party.
cheers,
Alex
--
begin sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags
