== Why large ISPs like SPF (the cynical view) One of the peculiarities of [[SPF AnInternetRule]] and related schemes is that many large ISPs are quite enthusiastic about it, especially free webmail places like Hotmail, Yahoo, and Google Mail. However, this enthusiasm rarely extends to blocking incoming email that fails SPF checks, although they are happy to encourage you to use SPF on your own mail. The cynical view of this is that ISPs love the idea of SPF because it gives them more control over their customers. With SPF, their customers are not only tied to the ISP for reading their email, they are tied to the ISP for *sending* email too. This suggests why the free webmail providers are so enthusiastic; all of them show ads on their websites, so the more they can force users to use those websites the more they profit. This also may explain why people are enthusiastic about SPF variants like [[DomainKeys http://en.wikipedia.org/wiki/DomainKeys]] that validate the message headers, since it gives them even more control of what users can do. (For most users, what matters is not their envelope origin address but what _From:_ header says.) === Sidebar: the less cynical view of DomainKeys The less cynical view of why Google and Yahoo are behind signing the _From:_ header instead of the envelope origin address is that they are smart enough to understand that in the real world, no one is using either SPF or DomainKeys to reject email in the MTA. If you're aiming at users instead of MTAs, the message headers are what really matters, and so authenticating them is the important thing. (And you actually have a shot at persuading MUA authors to include optional DomainKeys checking, or writing plugins to do it for popular MUAs.)