Hi,
On Thu, 03 Jun 2004 12:06:19 -0400 Ben Hanson <[EMAIL PROTECTED]> wrote:
[...]
> Anyway, I'm aware that SA3 will contain some spf functionality, and have
> been wondering about whether it is to my own personal benefit to create
> an SPF record for my own domain. We had issue a while back with
> somebody spoofing transprintusa.com and spewing forth one of the recent
> Windows viruses. I got a lot of undeserved hatemail, as postmaster.
If legitimate mail from transprintusa.com will only originate from your
servers (or a known, static set of hosts you trust), you might as well
publish an SPF record. It's cheap and easy and it's something to point
at the next time your domain is spoofed and you get hatemail ("...and
the reason your mail server accepted mail forged as from our domain
is...?")
> SPF would only help me personally in the short term in such a scenario,
> as I understand it, if the recipient of such a spoofed message were on a
> server which was coincidentally checking spf , which failed against my
> info. The other majority would still get the message. In the longer
> term, it might be increasingly effective, if the percentage of adoption
> goes up, and SA3's inclusion of SPF will insure that.
It won't stop spam but helping other mail admins judge the legitimacy of
a message is a good thing. The effectiveness of SPF will be measured
both by the number of systems publishing SPF records and the number of
them checking them; it's a chicken-and-egg problem, so if you have faith
SPF will work, publish SPF records. Same thing for web-o-trust
(http://web-o-trust.org/), et. al.
OTOH, if MS manages to encumber the IP behind SPF, I'll delete my SPF
records and deal with the forgeries. The lessons of Unisys and Forgent
with respect to encumbered technology should not be forgotten,
especially where MS is concerned[1].
-- Bob
[1] Which is everywhere you want to be, apparently. This isn't pointless
MS-bashing; the internet's success is due to unencumbered, open
standards and its continued growth and health depend on maintaining that
openness.
