On Wed, 2 Dec 2009, Valdis.Kletnieks@vt.edu wrote:
(And before anybody asks, yes ~all is what we want, and no you can't ask us to try -all instead, unless we're allowed to send you all the helpdesk calls about misconfigured migratory laptops".. ;)
While I'll remain neutral about the specifics of SPF (and all the other solutions), the legacy problem comes up trying to secure any thing. If it (and I deliberately leave "it" undefined) had never worked, no one would complain. Of course, there will always be someone who goes too one extreme or the other extreme. People were dropping heavily spoofed domains before SPF anyway. At what point do we consider legacy support not worth it? It took 10+ years, but now almost no SMTP servers allow open relay by default. Will it take another 10+ years to stop supporting misconfigured migratory laptops by default?