paul@clubi.ie (Paul Jakma) writes:
SPF is worthless.
i don't agree. i think it's overengineered and that a simpler solution like the one at <http://sa.vix.com/~vixie/mailfrom.txt> should have been deployed years ago, but i don't think SPF, or things like SPF, are at all worthless. every time someone forges one of my domains or e-mail addresses as a spam source, i get all kinds of bot-mail telling me that what the spammer tried to do didn't work. quite a lot of challenge/response nonsense. quite a few majordomo/etc listbot error messages. a whole pile of mailer-daemon@ errors. the right way to resolve this would be to make all errors synchronous to the smtp session where they occur. but this would prevent secondary-mx, or any kind of asynchronous mail forwarding. so, mail that requires a robotic reply has to cause a new envelope to hold this reply, and if the source was forged, then some innocent bystander is going to get that reply. if all mailbots learned to speak something like SPF, and my domains all advertise the nec'y metadata to enable something like SPF, then i would find it far easier to filter the remaining drivel in my inbox, which would just be spam and e-mail (listed in order by volume) -- no more mailbot responses to messages i never sent. the economic benefit that will actually cause something like SPF to come into wide use is different yet again -- it's not to make it easier to filter the remainder, and it's not to stop spam. it's to protect trademarks owned by large e-mail providers ("@hotmail.com" being one, "@yahoo.com" being another) from dilution. everything that happens on the internet these days happens for economics-related reasons. i'm glad that companies bigger and richer than i am find it in their own selfish best interests to push something like SPF -- that means it'll happen. that my own reasons differ from theirs is immaterial. that they have to mismarket it as a spamstopper to get corporate and investor support for it is also immaterial. the fact is, it's coming -- and it's useful, just not for the advertised reasons, or a universal reason. -- Paul Vixie