Barry Shein wrote:
So unless you can somehow argue that the bazillion connections from
broadband and dialup ports I see all day are going to disappear I
think it's safe to say that either these ISPs publish SPF records for
each and every one of those pool/dhcp, or even statically assigned
(you know what I mean, the cheap seats), addresses, or they'd better
start getting their customers used to the change in policy coming up
when and if something like SPF happens and they refuse. Or maybe they
can sell them SPF entries (hmmmmm.)
$DIALUP_ISP that adds it's whole dialup-range as "legitimate
mailservers" for $DIALUP_DOMAIN is of course free to do so, but that
would be less-than-intelligent.
The whole point of "Sender IP authentication" is to designate legitimate
sources for mails from a certain domain. If $DIALUP_ISP trusts it's
customers so much as to allow them to be legitimate sources - fine,
that's their decision. But they will cause problems for their own domain
name in doing so.
And I don't see anything inherent in SPF that stops an ISP from
publishing a few million SPF records to cover all their IP allocation
if their policy is that any customer may send directly to port 25. One
pretty much implies the other.
They can only publish SPF records for their /own/ domain(s). Publishing
"a few million" legitimate sources is certainly not a good way to build
trust in these domain(s).
-- Matthias
--
Brain-Log http://matthias.leisi.net/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg