From mboxrd@z Thu Jan 1 00:00:00 1970 Subject: Re: SMTP+SPF (was: [9fans] Re: new release?) From: Dave Lukes To: 9fans <9fans@cse.psu.edu> In-Reply-To: <3281.199.98.20.107.1077754455.squirrel@wish.cooper.edu> References: <5650c97bcaa9d357e77eb3396c1eb368@collyer.net> <3281.199.98.20.107.1077754455.squirrel@wish.cooper.edu> Content-Type: text/plain Message-Id: <1077757753.1991.177.camel@rea> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Date: Thu, 26 Feb 2004 01:09:13 +0000 Topicbox-Message-UUID: f8c83142-eacc-11e9-9e20-41e7f4b1d025 Sorry: sloppy keyboarding (what's new?). I meant to say ... > Does anyone here have an opinion (yes ;-) ) on SMTP+SPF? Yes, we all have opinions, in fact, our opinions all have their own opinions too. FWIW: it's too messy for me to comprehend in a sensible timeframe, and no-one I trust has yet said "it probably works for the following reasons", therefore, until this changes, as far as I'm concerned, it Doesn't Work. Also, as an aside, the SMTP standards contain various vague admonitions about maxima, which spf will probably blow ... (Y'see on the carton, where it says: "This sendmail is not warranted against buffer overflow"?). > http://spf.pobox.com/ It *claims* to be a sufficient patch on SMTP to > ensure that the sender of an email is a real person from a responsible > ISP. ... sometimes, depending on whether the sender uses SPF, and what decisions your SMTP receiver wants to make ... In and of itself it does nothing: when a sufficient number of senders are under it's auspices, _then_ it may be useful (modulo above concerns). Dave.