Re: SPF breaks email forwarding

Tue, 25 Jul 2006 09:51:33 -0700

I don't have an SPF record because I refuse to support a broken technology. SPF breaks email forwarding. My users use forwarding. SMTP is broken - but I can't change that. I have to be compatible with the rest of the world. 

Gino Cerullo wrote:
Whether it's SPF, DKIM, a combination of both or something completely new, the laissez-faire attitude of the past toward SMTP just doesn't cut it anymore. Criminals (and yes, I consider anyone who forges an identity to hide who they are a criminal no matter their intent) have taken advantage of the loose way in which SMTP was and still is implemented and they are causing considerable damage. If a few 'eggs' have to be broken on the way to securing our email systems than so-be-it. 


I agree with Michael Scheidell, "SMTP is broken.  has been, phishing, 
forgeries, email viruses prove it."



To make a statement like "SPF breaks email forwarding" and not offer 
an alternative merely makes you come off as a troll with an agenda. 
Now, I know from your contributions here that you are neither a troll 
or have an ulterior motive with such a statement but at the same time 
I can't even trust that the original email came from Marc Perkel 
<[EMAIL PROTECTED]>.



As it stands, I can't trust the integrity of your domain 'perkel.com' 
since it does not have an SPF record. Anyone can claim to be you, even 
a troll. Now, you might say that s/mime could be the answer to that 
and you'd be correct but s/mime is expensive. Expensive in computer 
resources because it means that my server still has to receive every 
email, process it through virus and spam filters and then pass it on 
to me where what remains still has to be evaluated by me or my MUA.



The idea behind SPF and its contemporaries is that obvious forgeries 
are handled by the MTA before entering the system for further 
evaluation, taking a huge load off the infrastructure we've been 
forced to put in place to deal with a system that is clearly, at 
present, broken.



Personally, I think SPF, DKIM and any other workable proposal goes 
beyond just protecting me from spam, phishing and email viruses. It 
protects the integrity of my domains and further, the IP addresses in 
my control since I insist that all the domains I host on my server all 
have SPF records. People can trust that an email message claiming to 
come from one of my domains or from one of my IP addresses does in 
fact originate there.


Thanks
--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON  M3M 1W6

T: 416-247-7740
F: 416-247-7503

























					Reply via email to