[Dovecot] spf record

Matt lm7812 at gmail.com
Wed Nov 28 19:36:00 EET 2007


> > One thing that bugs me is why we must now implement domainkeys on top
> > of SPF.  SPF pretty much does everything domainkeys does but simpler.
>
> Because SPF is a broken hack that doesn't properly accomodate the
> forwarding of email without the use of other complicating hacks
> such as SRS which mangle the sender address.
>
> SPF should have been scrapped years ago.  Instead, most large
> organizations use "?all" in their SPF entry (typically because of the
> forwarding problem), putting SPF in advisory mode which negates the
> whole purpose of having it anyway.
>
> DomainKeys at least provides a solution for the original problem; the
> ability to determine whether an email came from a mail server that
> was authorized to send from that domain, -and- the ability to embed
> that signature into the message itself rather than relying on only the
> source IP address to give that information.
>
> Everyone has different opinions on the usefulness of SPF, but the
> reality of it is, DomainKeys solves the entire problem.  SPF doesn't.

Where does DKIM fit in all this?  Could Exim compile it in without the
license restrictions of domainkeys?  I use Directadmin which is based
on exim and dovecot.

http://wiki.exim.org/DomainKeys
http://wiki.exim.org/DKIM

Matt


More information about the dovecot mailing list