SPF question
Christopher Browne
cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Oct 31 16:41:00 UTC 2007
On Oct 31, 2007 3:52 PM, Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org> wrote:
> SPF probably makes great sense to large ISPs who can't imagine users
> wanting to do email from anywhere else or run their own domains. SPF
> sucks for actual mail users.
SPF *may* also make sense for large entities that:
a) Send out a lot of mail, and
b) Are targets for fraudulent mail
EBay and PayPal would fit into that category, as would banks.
It seems not too outrageous for them to try to tell the world things like:
"If you get mail claiming to be from our domain that doesn't contain
our digital signature, then we're willing to suggest that it is
fraudulent and may be safely thrown away."
or
"If you get mail claiming to be from our domain that was not sent from
one of our IP addresses, then it did not pass through proper channels
and may be safely thrown away."
But that certainly imposes some burdens on the flexibility of one's
mail management. For the "digital signature" case, for instance, it
implies that people in the organization MUST pass their messages
through a mail server that knows how to generate the digital
signatures. If those servers are pretty locked down, which is
appropriate, then this implies some possible inconvenience in getting
outgoing mail signed.
This doesn't seem like something that everyone would want to apply to
their mail.
--
http://linuxfinances.info/info/linuxdistributions.html
"... memory leaks are quite acceptable in many applications ..."
(Bjarne Stroustrup, The Design and Evolution of C++, page 220)
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list