Frank Ellermann wrote: > Jim Fenton wrote: > > >> We need to make every effort to make everyone know that publishing >> 'all' or (particularly) 'strict' is not something that is done >> lightly. >> > > +1 > > It is similar for publishing PRA FAIL and SPF FAIL, so you are > not forced to start this education from scratch. In a nutshell > policies allowing efficient identification of *suspicious* mails > will cut both ways, and limit some uses possible without such > policies. >
Unfortunately, I see efforts to encourage publication of SPF/SenderID -all records without explaining all the implications of that so the "education" being done there may not exactly be helpful. >> I know of tools that are under development to help domain owners >> know from where mail from their domains is being sent, and >> hopefully this will raise awareness too. >> > > It's possible to use the SPF and PRA "exists" mechanism to figure > this out, but for SSP with its "first author" you'd miss exactly > the interesting cases (for SSP) if you log Mail From or PRA uses. > I'm not sure I understand exactly what you're getting at, but if you mean that the definition of author/responsible/From domain is different in SPF, PRA, and SSP, that's true, and if the tool doesn't take that into account, it might miss some interesting cases. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
