[Mimedefang] Deadline for SPF records

Daniel Taylor dtaylor at vocalabs.com
Mon Aug 9 15:34:52 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Les Mikesell wrote:
| On Mon, 2004-08-09 at 10:47, Dave Williss wrote:
|
|
|>So back to the postal analogy,  you'd could drop a letter in your own
|>mailbox from anywhere in the world as long as you had the key.
|>Although, if the authentication is done by password sent in clear text, I
|>don't think I would like that option.
|
|
| Yes, analogies are always flawed, but my point is that I don't
| want aol or msn to claim, rightly or wrongly, that they control
| the content of my messages even if they happen to originate
| from that domain.  As I understand it, that's what you get from
| SPF and if people come to rely on that, it will be enforced to
| make it true.
|
You overestimate what SPF does.
All SPF-Pass means is that the e-mail came from an authorized
sender for the domain in question. Aol can use SPF to say that
e-mail from smtp.aol.com is from an aol user or employee, while
if it comes from pool-dynamic-11-12-12-12.DSLexample.net it is
unauthorized, and probably forged.

Content is beyond the scope. For content authorization or verification
you need GPG, S/MIME or something similar.

- --
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor at vocalabs.com   http://www.vocalabs.com/        (952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFBF9Hc8/QSptFdBtURAj9KAJ99H+I79kMmNELbO234cajbqqYUMQCfYFq2
m0oPRy7KbCY1eM7GKOZjWwg=
=nNRo
-----END PGP SIGNATURE-----



More information about the MIMEDefang mailing list