On Mon, Sep 06, 2004 at 04:26:04AM -0700, Henry Linneweh <hrlinneweh@sbcglobal.net> wrote a message of 4 lines which said:
This is not a good beginning
Bad paper. The CipherTrust story, which is mentioned, is very weak: it contains several big mistakes (such as mentioning SenderID records... which do not exist yet since the working group is in the "last call" state) so I question its credibility. Regarding the facts, testing on my "spam" mailbox, I can see SPF records from spammers but it is very uncommon (there is no incentive for them to publish SPF immediately, because few sites will test them). Otherwise, SPF is not anti-spam by itself. In the same way that network security is not provided by a firewall alone, anti-spam protection is not provided by SPF alone. SPF is an enabler: it allows you to be more confident in the authenticity of the domain, giving reputation systems (whilelists and blacklists) a better chance to succeed.