On Wed, Nov 28, 2007 at 11:45:29AM -0600, Rick Romero wrote:
One thing that bugs me is why we must now implement domainkeys on top of SPF. SPF pretty much does everything domainkeys does but simpler.
Because SPF is a broken hack that doesn't properly accomodate the forwarding of email without the use of other complicating hacks such as SRS which mangle the sender address.
SPF should have been scrapped years ago. Instead, most large organizations use "?all" in their SPF entry (typically because of the forwarding problem), putting SPF in advisory mode which negates the whole purpose of having it anyway.
I disagree. The only way you should be using SPF on the receiving end is as an
additional weight for spam scoring.
Well, perhaps, but that's not how it was originally designed to be used. I don't disagree that it has devolved into just another spam scoring device though.
It's not even a very good one, since you can't easily determine if a message is simply being forwarded. As such, the score modifiers tend to be low.
-- Dean Brooks dean@iglou.com