Jim Fenton wrote:
Unfortunately, I see efforts to encourage publication of
SPF/SenderID -all records without explaining all the
implications of that so the "education" being done there
may not exactly be helpful.
I've no idea what the SenderID (i.e. PRA) folks do, but
the SPF site highlights the problem several times, e.g.
point 5 in <http://www.openspf.org/FAQ/Hints_for_ISPs>:
| You should never publish "-all" for customers domains
| without the consent of your customers. They *will* have
| ways of sending mail that you don't know about. Keep
| your customers informed about your SPF roll-out, this
| will prevent them from being unpleasantly surprised by
| mail that suddenly is not delivered due to SPF "fail"
| results. Insufficient communication will drive up your
| support costs and result in your customers being less
| happy with both your service and SPF
[tools to detect outgoing on mail from obscure places]
I'm not sure I understand exactly what you're getting at
The "exists" mechanism can be used to track which IPs
send mail for a given domain (down to most local parts
if necessary), but of course only for what's checked,
HELO, MAIL FROM, maybe PRA, not "first author" unless
it happens to match the checked identity.
if the tool doesn't take that into account, it might
miss some interesting cases.
Yes. I'm lost how the tools you talked about can get
better data, or is it a case of senderbase datamining ?
Frank
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html