Re: SPF I-D for review: draft-schlitt-spf-classic-00.txt

2005-03-04 16:54:31

> I don't believe that SPF utterly fails for roaming users.  There are
> many options for you to use.

it doesn't utterly fail. it does, however, tempt DNS zone admins to impose unreasonable constraints on how mail is sent.

> For example, you can use SMTP AUTH over the SMTP submission port to
> always submit your email to an acceptable MSA instead of using your
> ISP's MTA.  While there are many ISPs that block port 25, there is no
> reason to block port 587 and almost no one does.

even if your domain has MSAs that accept port 587 and your ISP does not block it, this may not be a good option. it requires, among other things, that your MUA know which MSA to use for which return address. some MUAs do this fine, others poorly, others not at all. (Apple Mail seems to choose an MSA at random, and if that fails to accept the message, complain about it.)

and it's certainly true that the zone admin can set up SPF records so that they don't interfere with legitimate activity. though almost any attempt to do fine-grained control over which domains can send mail from which IP addresses is of limited applicability. for any large group of users, zone admins aren't likely to know enough about their users' needs to decide what is legitimate for those users and what is not. and there are scaling and reliability and performance concerns with doing lots of DNS queries.

of course, there are exceptions, domains for which this works well. some of them serve millions of users.
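
To make the DNS-query concern raised in the message above concrete, here is an added example (not part of the original message or of the SPF draft) that counts the worst-case number of DNS queries a receiver makes to evaluate one domain's SPF record when every `include` and `redirect` is followed. The zone contents and all domain names are constructed for illustration, and each `a`, `mx`, `ptr` or `exists` term is counted as a single query, which is a lower bound.

```python
import re

# Constructed zone data (hypothetical names): domain -> published SPF record.
ZONE = {
    "example.org": "v=spf1 mx a:roam.example.org "
                   "include:_spf.isp.example include:esp.example -all",
    "_spf.isp.example": "v=spf1 ip4:192.0.2.0/24 include:_pool.isp.example ~all",
    "_pool.isp.example": "v=spf1 a mx ip4:198.51.100.0/24 -all",
    "esp.example": "v=spf1 exists:%{i}._spf.esp.example redirect=_spf.isp.example",
}

DIRECT = {"a", "mx", "ptr", "exists"}  # at least one query each
FOLLOW = {"include", "redirect"}       # fetch and evaluate another record
TERM = re.compile(r"([A-Za-z][A-Za-z0-9]*)([:=/]?)(.*)")


def dns_queries(domain, zone, path=()):
    """Worst-case DNS query count for evaluating `domain`'s SPF record.

    Counts the TXT fetch for the record itself, one query per a/mx/ptr/exists
    term, and the full cost of every record reached via include or redirect.
    ip4/ip6/all terms need no DNS query. Raises ValueError on an include loop.
    """
    if domain in path:
        raise ValueError("include loop: " + " -> ".join(path + (domain,)))
    total = 1  # the TXT fetch for this domain
    record = zone.get(domain)
    if record is None:
        return total  # the fetch still happens; nothing further to evaluate
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        match = TERM.match(term.lstrip("+-~?"))  # drop the qualifier, if any
        if not match:
            continue
        name, sep, arg = match.groups()
        name = name.lower()
        if name in DIRECT:
            total += 1
        elif name in FOLLOW and sep in (":", "=") and arg:
            total += dns_queries(arg, zone, path + (domain,))
    return total


if __name__ == "__main__":
    for name in ZONE:
        print(f"{name}: up to {dns_queries(name, ZONE)} DNS queries")
```

The same included record is counted each time it is reached, since a receiver without a cache would fetch it again; that is why delegating to two providers that share infrastructure costs more than the sum of the terms visible in the top-level record.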