ietf-asrg

Re: [Asrg] Re: SPF abused by spammers

2004-09-13 12:43:50
On Mon, Sep 13, 2004 at 12:17:54PM -0400, Seth Breidbart wrote:
Adding SPF in some cases has nothing to do with intelligence but
with contracts

We have contracts with our customers. We provide email addresses for
customers without their own domain within our "for customers domain".
Neither the "Internet access" nor the "use of the email address" require
the customer to use our mailservers.

1. SPF records don't prevent anyone from mailing; they merely provide
   the recipient more information about how to handle that mailing.

No, but they discredit (aka unauthorize) them, which is wrong.

2. AOL _never_ intentionally allowed people to mail directly from
   their connections without going through AOL's mailservers.

Ah, do they intentionally deny it? If not there is x-x-x (I don't know the
English term) but it means that if you can use something that is not
explicitly stated in your contract for a period of time it can be seen
as a positive part of the contract and the partner is not free to take
it away from you "just because".

he'll probably sue them for breaking contract.
And lose.  Have you read the contract?

I have read their AUP on their homepage. It says:
    2. AOL Services
    2.1
    - you get access to the AOL internal service
    - you get access to the Internet
    - you get access to send and receive emails
    2.3
    AOL tries to do everything possible that there are no restrictions
    or adverse effects using AOL as far as this is technically possible.
There is a passus that says I may not send illegal content and that I
shall not send mass emails or spam.
That's it. The AUP is all you get regarding the contract if you order
online (at least it is all you get until you say "yes order it now").

Do you see anything in the contract that requires them to validate
email sent not through their MTAs?

They do not validate emails by setting SPF records. SPF records say
that an IP is authorized as a mail agent sending emails that use a
particular domain in the 2821.FROM.
If I rightfully use an email address to send emails and my contract for
using this email address does not restrict me to using a special gateway
to use that email address, the owner of the domain for those email
addresses has no right whatsoever to mark my emails as not authorized
from that server that I choose to use.

Sometimes I have the impression people talking about all those
methods don't have much - if any at all - experience in running Internet
for commercial customers.

You mean like postmaster(_at_)mail(_dot_)com?

Don't know ... is webmaster(_at_)sex(_dot_)com a sex god?
Our postmaster doesn't know how to run Internet for commercial customers.
That's not his job. His job is to sort the emails, classify them and
answer questions. He doesn't know (much) about deployment problems, mail
server balancing, customer contracts, legal affairs, future strategies,
anti spam risks. That's not his job.

From mail.com's AUP:
    Mail.com., ("Mail.com") shall provide e-mail products and services
    ("the Mail.com Service") to you ("User") under the terms and
    conditions of this Mail.com User Agreement ("the Agreement").
    [ ... ]
    User shall not use the Mail.com Service for spamming.
    [ ... ]
    Should User cause e-mail that does not meet these criteria to be sent
    through Mail.com's servers, User understands and agrees that this is a
    breach of Mail.com's Terms of Service, which may result in User's
    account being terminated, with or without notice, and/or legal action
    against User for misuse of the Habeas trademark and copyright.

Do they consider an email address @mail.com as part of the Mail.com
Service? Their AUP does not define what exactly the "service" is and it
surely doesn't force anyone to use a @mail.com address only with mail.com
servers. They don't state there that any email using @mail.com addresses
and not sent through your mailservers is unauthorized.
So with adding SPF records have they informed all of their customers
about what they did? Don't know about the USA but in Germany this is
a change in contract and gives each customer an immediate right to
cancel.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg