Re: SPF Record ...

Am Freitag, 17. November 2006 07:05 schrieb Marc G. Fournier:
> I'm thinking of adding one to DNS, but after reading up on it, I'm a bit
> concerned how this might affect some

I urge you in the strongest possible terms not to do that.  As someone who is
professionally involved in that issue, I can tell you that SPF is both
useless and dangerous.  It doesn't stop any spam, but it breaks email
protocols, annoys and restricts users for no gain.

> Since those having @postgresql.org accounts shoudl be limited to these two
> lists, can anyone comment on a) is this a bad idea? and b) would they be
> affected because they don't use SMTP AUTH and c) why aren't you using SMTP
> AUTH? ...

The fallacy is that proponents of SPF believe that users are free to choose
their SMTP server.  Contrast that with the widely spread and generally
welcome (among ISPs and government) practice of blocking outgoing TCP port 25
to address the spam-via-zombies problem (compared against SPF, this practice
at least works), you are then left with a situation in which some users
cannot send any email at all anymore because their ISP wants email to go this
way and the domain administrator wants it to go that way.  Ultimately, both
of these measures seriously restrict the redundancy feature of the internet
(what if your mail server is broken?) and impact the privacy and
self-determination of users (what if I don't want ISP 1 or ISP 2 to count my
email?).

But again, SPF doesn't stop any junk mail, so it's useless anyway.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/