The fight was over before it began.

SPF hater Nick Fitzgerald’s case: “Weak user authentication… trivial to break… Worse than useless.”

And as if that’s not bad enough, it can’t stop zombie-mail pumped through legitimate mail servers.

Those are just a few of the insults hurled at the Sender Policy Framework method for sender authentication at the 15th Virus Bulletin International Conference in Dublin, Ireland.

SPF’s advocates did the protocol no favors. They responded that it would work if undercapitalized ISPs filtered outbound mail and users told the understaffed ISPs when Something Bad happened, so overworked ISP slaves could track down the culprits. Right.

As one-of-many tests on incoming mail (instead of The Test), we find SPF to be a valuable contributor to the spam/not spam decision-making process. Unfortunately, that makes us heretics in the wide eyes of a few vocal Friends-of-SPF.

Sadly, some in the SPF camp and the anti-SPF clique seem to relish forcing it into a True Believers vs The Stupid World, take-no-prisoners battle. You might call it Armageddon, at least from SPF’s perspective.

Key SPFers acknowledge that, while their community is fractured and has no money, competitors do not suffer comparable restraints. They’d be wise to choose their battles very carefully.

See Also:

See for yourself at ZDNet UK.