-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 16 June 2004 04:17 am, Edward Brookhouse wrote:
> Is there any method of distinguishing between (conversationally spekaing)
> setting up an email server that checks SPF vs. just adding SPF records
> for your domain so other servers that do check SPF records will allow
> you??
>
You've seen other replies, but allow me to elaborate why there is a
difference.
When you publish SPF, you are telling others what servers are allowed to
send email for your domain. Our goal is to get everyone to publish SPF
records ASAP. The more people publish, the more useful SPF checking will
be.
SPF checking is really a big topic. It can be done anytime -- even before
the email is sent. Right now, most people are just adding a header
"Received-SPF" that details the results of the SPF check. In the future,
people will start discarding unauthorized email, including email for
domains that don't publish SPF records.
We will be able to start doing domain-based email filtering. That means that
people's domain names will have real value in the email world. Any old joe
won't be able to send email claiming to be from Amazon, so all email from
Amazon is really from Amazon. If Amazon sends spam that no one wants, their
reputation will go down, and people may start discarding our email
outright. On the other hand, if Amazon is responsible, then people will
accept our email, and may be willing to look over a few lapses.
The most important checking will be done by police. They can determine if
an illegal email originated from the domain owner or just the server. If it
was authorized by SPF, then they can go look up the name and address of the
domain owner. In the end, they can knock on someone's door and toss them in
jail.
So, SPF will only be completely successful when people who abuse email
publish their SPF records.
We encourage you to publish SPF records for all domains you own, even if it
is just to say "I don't send email from this domain." We also encourage you
to spread the word about SPF and get others to do the same.
The SPF checking part will come later. You can help with testing and such,
but we aren't pushing people to do it yet.
- --
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard@amazon.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFA0Jv3BFeYcclU5Q0RAovlAKDEHvtaaSfDPdWBtKx2jEoDaBB2WwCgxa6U
+zsFJQjt75e9xfu+r4QcIps=
=eSj1
-----END PGP SIGNATURE-----
-------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com