OT: What is "SPF" ?

Matthias Andree matthias.andree at gmx.de
Wed Sep 1 14:22:34 CEST 2004 

On Mon, 30 Aug 2004, Tom Anderson wrote:

> From: "Matthias Andree" <matthias.andree at gmx.de>
> > SPF has _massive_ impact on how mail can be sent, and break both regular
> > mail forwards as well as injection through a friend's mail server.
> 
> I don't believe this is true.  SPF is just an improvement to DNS to allow
> people to do what they wanted to do with MX.  That is, discover authorized
> MTAs.  However, whereas MX identifies the receiving mail server for the
> domain, SPF identifies authorized sending servers for the domain.  The
> former is unique while the latter is indefinite.  I don't see how this
> breaks "regular mail forwards", and preventing "injection" from an
> unauthorized server is the entire point.

SPF is lobbied (not to say bullied) onto people for various purposes, to
prevent address forgery (untrue), spam (untrue) and all that. The uses
for which SPF is suggested will break mail forwards - with these, a
server re-sends a mail with the original envelope sender, which SPF will
flag as unauthorized.

> If I've read correctly, SPF allows
> the admin to determine the default action which remote receiving MTAs should
> take, either to accept or fail depending on the domain admin's SPF record.

It is true the admin is allowed to set the policy, but the way how SPF
lobbyists and also blacklists lobbyists have acted in the past will
warrant for insensible decisions on the majority of sites.

> This would seem to be a failing in the "traditional post", not a reason to
> oppose SPF.  Clearly it would have been a good thing to know who sent
> anthrax to Congress.  People need to be held responsible for things that
> they cause to be delivered to others, whether physically or electronically.

...thus breaking every form of properly (democratically) used anonymity.

Unfortunately, anonymity and pseudonymity is abused/exploited in the
internet for one's own personal economical advantage (which is the
motive that needs to be attacked), to show off security flaws and
carelessness (mass-mailing worms) and to some amount for stalking
(forged sender in embarrassing posts).

SPF helps with not a single of these problems, because it inherently
breaks forwards and hence make internet email on SMTP basis even more
unreliable than it already is.

-- 
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)

More information about the bogofilter-dev mailing list