At 3:24 PM -0400 2005-05-23, Daniel Golding wrote:
A bizarre assertion was made that only a "few" are implementing SPF, which is demonstrably untrue.
It depends on whether you're talking about "few" relative to the number of mail systems in the world, or "few" relative to the number of users served by those mail systems. If you're talking about users, then all you have to do is implement SPF at a few large sites like AOL, where they don't support forwarding and therefore they don't care if they break forwarding, where they want to force everyone to use their outbound mail relay servers anyway, etc.... Do that, and you've got a "majority". If you're talking about mail systems, it's a whole different picture. Setting up TLSSMTP or SMTPAUTH is non-trivial, even for experienced admins. Indeed, many experienced admins may own their own domains, but not run their own machines. Even if the server side is capable of supporting TLSSMTP and/or SMTPAUTH, they may well be using clients which are not capable of doing so, or not capable of doing so interoperably with the server side. Much, much more difficult to get large numbers of installations. Penetration of SPF is pretty low, and it's likely to stay that way for the foreseeable future. The problems with SPF are pretty basic, and I don't see them being eliminated any time soon with a casual wave of your royal hand.
This obsession with perfection will (as usual) result in exactly no progress. Folks need to be willing to get 70% of the benefit for 10% of the effort.
And if twelve people told you that you'd have to implement twelve different incompatible systems, and each of them would give you a different 70% of the benefit for 10% of the effort (but only if they were the only solution implemented), what would you do? The IETF has taught us that multiple incompatible partial solutions is not a particularly desirable outcome. That way lies madness. -- Brad Knowles, <brad@stop.mail-abuse.org> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info.