Re: VGER does gradual SPF activation (FAQ matter)

[David Woodhouse]

On Mon, 2006-06-12 at 20:17 +1000, Neil Brown wrote:
> If you get a letter from your aunt in Rome, and it is post-marked
> 'Moscow', you might doubt the authenticity.

If my aunt lives in Rome but I get a postcard (or even a letter) from
her in Moscow, are you suggesting I should consign it to the dustbin
unread? That's what the SPF folks seem to want, and it works no better
in your snail mail analogy than it does in real life.

People travel. Mail gets forwarded.

>   If it claims to be from your swiss bank with the same post mark you
> would doubt it even more. 

In the case of mail from my bank, if it _had_ a postmark rather than
being pre-paid I would be suspicious.

The SPF folks would have me refuse mail from claiming to be from the
bank because it's actually delivered by my postman, and he doesn't work
for the bank therefore it must be a "forgery" (using their new
definition of that term).

Meanwhile, in the real world, I don't want to throw away valid mail. And
there are better ways of avoiding fakes, too. 

ObVger: we should probably enable sender verification callouts, if
they're not being done already. There's no justification for accepting
mail from an address which doesn't accept bounces. That would combat
forgery in a much saner manner.

-- 
dwmw2

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/