On 13-Dec-06, at 12:53 PM, Marc Perkel wrote:
Mark, SPF isn't an anti-spam technology. Anyone who says it is, is an
imbecile. SPF is an anti-forgery technology. Those who continue to
think
of SPF purely as a spam control technology are doomed to be
disappointed
and/or endlessly make posts like "SPF can be evaded by spammers, they
just publish their own SPF". Duh.
It's anti spam technology. The reason people use it is because
spammers are forging email addresses.
Just because YOU say it, doesn't make it so. Everybody who
understands SPF knows what it is.
That said, your comment about blocking no spam is pure horsehockey. I
have plenty of spam matching SPF_FAIL and SPF_SOFTFAIL.
I've also have had no FPs from SPF, except websites like hire.net
that
insist upon forging my domain as the envelope sender when generating
emails to my HR staff. Actually, MAIL FROM, RCPT TO, From: and To:
are
all identical. Brilliant.
Yep - they are using "normal" email technology. That's supposed to
work. That's what SPF breaks. It also breaks email forwarding.
I prefer to say "email forwarding breaks SPF" but that's just semantics.
The truth of the matter is that email forwarding makes up less than
0.001% of all email so, when it happens its an minute annoyance at
best since the sender is made aware of the forwarded address and the
message can be re-sent.
And SRS does not break the ability to do conditionals, because the
true
envelope from address is still a part of the rewritten envelope from.
You just need to make your conditionals match the SRS version.
You have to rewrite all your conditionals to support the broken
technology.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
416-247-7740
This email address protect by SPF! Want to protect your domain's
email from forgery? Visit openspf.org