SPF on vger
Posted Jun 15, 2006 14:04 UTC (Thu) by pizza
In reply to: SPF on vger
Parent article: SPF on vger
First, don't use the term 'spam', as it's so ambiguous ("unwanted e-mail") as to have no real meaning. Please use a more specific term; you want to deal with trojans or phishing mails differently than the latest Victoria's Secret catalog.
Oddly enough, the former two tend to rely heavily on forged SMTP envelopes, which is precisely what SPF is intended to deal with, and it accomplishes that fairly well. Does it break certain practices? Well, yes. But what its detractors fail to understand is that this is a trade-off that many, many willingly make, especially when it is their reputation and/or money on the line.
Don't forget that these problems exist because of the deficiencies of the original SMTP (and yes, DNS) systems.
"Requiring most of the world to participate" is actually a feature of the Internet -- the network is dumb; the end-points are smart. But it also makes change very hard to implement.
As such, the disruption from replacing the whole shebang will be far greater, even though everyone agrees that it's what really needs to be done. And that will certainly break many things that work now.
Incidentally, is there an "official" use for TXT records? "Arbitrary Binary Data up to 255 characters" sounds like there isn't, and a domain owner choosing to use that "arbitrary data" for purposes of reducing forged mail being sent under their domain certainly sounds like an appropriate use.
Using DNS TXT records is a cool idea because it doesn't require any new infrastructure, unlike, for example, using PGP signatures, which works well on an individual basis but otherwise scales terribly due to the necessity of establishing trust anonymously.