On Wed, Mar 24, 2004 at 02:16:23PM -0600, wayne wrote:
It is also known that several large domain parking systems have
published SPF records for all of their parked domains.
Oho! With or without the domain owners' permission? Here is a great
example of how something like this can quickly become a problem. How
many of the domain owners even know that there's an SPF record published
for their domain, and what impact that publication may have on their
ability to successfully send mail? How many know the steps to take to
have that record altered or removed? Is the entity responsible for
putting the record there even willing to remove it?
If the end-user DOES have a legal right to use the domain name, and they
are prohibted from doing so thanks to SPF or similar proposals, what
then?
Then there are, obvious, well known and well established methods of
seeking legal remedies. The existance of such legal remedies tends to
limit the amount of illegal abuse.
So, your solution is to sue providers who use, say, transparent proxies?
Okay, then: This domain name owner would like to use his voice to state
that he's not happy with the idea of being unable to use his domain
names while mobile.
If you, as a domain name owner, choose to make your life difficult for
your self, then, well, I'm happy for you.
You miss the point. I'm trying to make my life easy and convenient.
It's the proposals that will eliminate this ease and convenience that
will make my life difficult.
I don't understand why the "we must do something, or stop using mail"
crowd is so eager to provide "stop using mail" as a solution to certain
problems, when it seems so abhorrent to them.
I can see merit in the argument that begins, "a client could be written
to dynamically update the TXT record when you connect to the network",
were we discussing a notebook I own, on a network with no transparent
proxies. But that's not the case.
A proof-of-concept rate-limiting DNS server for SPF was published several
months ago. This would allow you, as a domain owner, to let a certain
number of emails from unexpected sources to go through without any
problems, while still greatly limiting the damage done by spammers.
There was at least one person earlier this year that was talking about
writing an SPF-after-IMAP DNS server, but I don't know if there was
ever working code written.
So, domain owners have to convince their nameservice providers to switch
to an entirely new DNS server? I don't find that to be a reasonable
expectation. It's fine if you provide your own nameservice, but of
those 250 million domain names, I'd wager the vast majority don't.
--
Mark C. Langston Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org
mark(_at_)seti(_dot_)org
Systems & Network Admin SETI Institute
http://bitshift.org http://www.seti.org