W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2006

Re: Why SPF and DK are not being used

From: James A. Donald <jamesd@echeque.com>
Date: Mon, 19 Jun 2006 12:28:28 +1000
Message-ID: <44960BCC.8080107@echeque.com>
To: Jeffrey Altman <jaltman@secure-endpoints.com>
CC: public-usable-authentication@w3.org

Jeffrey Altman wrote:
 > My e-mail server software supports both SPF and DK. I
 > attempted to utilize both but discovered that SPF and
 > DK miserably failed with mail relayed by mailing
 > lists.   Given that I am subscribed to hundreds of
 > lists and I desire to receive mail that is sent via
 > the list servers and that I wish mail I send to be
 > received by readers of the lists, I turned both SPF
 > and DK off.
 > The solutions are flawed because they do not permit
 > the continued use of common e-mail usage patterns. I
 > suspect more organizations would deploy a solution
 > that worked.

DK and SPF, as designed, are designed to punish
unauthenticated mail, rather than reward mail that can
be authenticated as coming from a known good source.

Who wants punishment?  In a world where authentication
is unreliable, we should not punish unauthenticated
mail, nor can we reward authenticated mail in a world
where spammers eagerly authenticate their mail.

          James A. Donald
Received on Monday, 19 June 2006 02:28:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC