"Since the vast majority of spam has forged return addresses, no responses are sent back"
That's right and all the innocent owners of the forged addresses get stuck dealing with your spew.
It works for you, but it's a pretty selfish way to go about it.
Personally, I have not and will not ever respond to challenge/response schemes until I see one that manages to not spam innocent bystanders. If important enough, I call them. Otherwise, oh well.
Most of those are arguements against SRS, not SPF per se.
The architectural issue is that SPF checks have to be done at the trust boundary to be done correctly. In the forwarding case, that transition is at the forwarder (the forwarder is an agent of the receiver, not the sender). Alternatively, receivers can whitelist forwarders from SPF checks as it's already to late to do SPF correctly.
The bottom line is that receivers need to understand their mail architecture to check SPF. SRS is a hack that would simplify that effort, but it's certainly not necessary for SPF.
Personally, in two years of a -all SPF record I've had a grand total of TWO messages bounce due to forwarding. From my perspective it's all much ado about not very much. The nuisance of having to re-send two e-mails is noise level. I am miles ahead because I no longer have to deal with hundreds of joe job bounces every day.
There ought to be an exception only if you trust the state to be the arbiter of what is obviously false.
Let whoever say whatever they want, but they are responsible for what they say,...you stole my code...no I didn't, prove it...time passes with no proof...sue for slander, defamation, etc. (jury trial)...false accuser pays damages...
Takes longer, but keeps governments out of deciding what we can say.
Slashdot Mirror
Your understanding of bounce versuse reject seems correct to me.
"Since the vast majority of spam has forged return addresses, no responses are sent back" That's right and all the innocent owners of the forged addresses get stuck dealing with your spew. It works for you, but it's a pretty selfish way to go about it. Personally, I have not and will not ever respond to challenge/response schemes until I see one that manages to not spam innocent bystanders. If important enough, I call them. Otherwise, oh well.
Most of those are arguements against SRS, not SPF per se.
The architectural issue is that SPF checks have to be done at the trust boundary to be done correctly. In the forwarding case, that transition is at the forwarder (the forwarder is an agent of the receiver, not the sender). Alternatively, receivers can whitelist forwarders from SPF checks as it's already to late to do SPF correctly.
The bottom line is that receivers need to understand their mail architecture to check SPF. SRS is a hack that would simplify that effort, but it's certainly not necessary for SPF.
Personally, in two years of a -all SPF record I've had a grand total of TWO messages bounce due to forwarding. From my perspective it's all much ado about not very much. The nuisance of having to re-send two e-mails is noise level. I am miles ahead because I no longer have to deal with hundreds of joe job bounces every day.
Right. DomainKeys doesn't break fowarding, it breaks mailing lists instead.
Pick your poison.
There ought to be an exception only if you trust the state to be the arbiter of what is obviously false. Let whoever say whatever they want, but they are responsible for what they say, ...you stole my code ...no I didn't, prove it ...time passes with no proof ...sue for slander, defamation, etc. (jury trial) ...false accuser pays damages...
Takes longer, but keeps governments out of deciding what we can say.