j o a r wrote: > > On 27 aug 2007, at 21.20, Kai Schaetzl wrote: > >> That's wrong. Even if all servers in the world would check SPF you would >> achieve *nothing* as the big majority of mail doesn't have anything to >> check. > > > Why would I, as a SPF publishing domain owner, care if they have > anything else to check? > As long as they reject messages that fail SPF checks for my domain, my > problem is solved. >
I guess I don't understand where the confusion is here. As Joar states, SPF allows me to protect my domains from forgery and potential backscatter, because anyone using SPF to validate senders can appropriately detect and handle SPF failures for messages claiming to come from any of my domains that are forged. And as Graham stated, SPF is NOT a spam tool, it is an anti-forgery tool that I can use to detect forged messages coming into my mail server from any domain that publishes SPF records, and likewise, anyone using SPF can confirm whether anything coming into their mail server claiming to be from one of my domains is forged or not. That's it, nothing more, nothing less. Don't expect SPF to do more than it was designed to do, detect forged senders (originally, SPF stood for "Sender Permitted From", and was later changed to "Sender Policy Framework", even though the original name seems more descriptive of what SPF actually does - though that's not necessarily what the SPF FAQ claims: http://www.openspf.org/FAQ/Sender_permitted). Bill
