I'm surprised that an allegation that SPF -- highly relevant to SMTP security -- is "vapourware", not to mention refutations of that assertion, are off-topic. Nonetheless, I apologise for reacting with irritation to Michael's claim to that effect: It's just that I expected better from a Security Team member. Much better.
Well, it is vaporware. Until it's used by a noticable percentage of hosts, it's irrelevant. I've had spf records on my own domain for some time, but that doesn't mean I believe that there is enough critical mass behind the idea to actually make it useful. I'm not yet pushing for spf records at my day job, for example, because there's not yet a benefit which would justify the effort on that scale.
Why is it not "vapourware"? Because prepackaged kits exist to trivially add
support to -=all=- of common MTAs: Postfix, Exim, sendmail, qmail,
Courier-MTA, and MS-Exchange Server.
That doesn't matter, unless a large enough fraction of people at both
ends of smtp conversations actually use the stuff. An implementation
that is not deployed is no more useful than a standard which isn't
implemented.
Mike Stone
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
