[spf-discuss] Re: Automatic key verification / CERT in DNS / RFC4398

Alex van den Bogaerdt alex at ergens.op.het.net
Wed Apr 5 15:15:21 CEST 2006

On Wed, Apr 05, 2006 at 02:44:28PM +0200, Werner Koch wrote:
> On Tue, 4 Apr 2006 13:37:35 +0000, Julian Mehnle said:
> > What do folks -- especially the gnupg-devel ones -- think about using SPF 
> > for that purpose?  Are there any non-obvious fundamental issues that need 
> > to be taken into account?
> I consider SPF far to complex to solve the simple goal of
> authenticating the source of an email.  It does not stop spam , as
> this requires content filters and the jurisdiction and won't
> authenmticate the full message.

And indeed: spf does not authenticate the source of an email,
neither is the intention to stop spam (although that is a nice
side effect).

SPF authorizes relays of an email, and is intended to stop spoofing.

However, SPF could assist other technologies.  It could communicate
to the receiver that certain mail should be GPG signed, where the key
can be fetched, etc.


More information about the Gnupg-devel mailing list