On Sat, Apr 24, 2004 at 03:33:08PM -0400, Margaret Olson wrote:
| subscriber's ISP. (Many users complain about non-delivery to the sender, not
| to their ISP.) Is it fair to say that almost everyone has a white list? Is
| it reasonable to add white listing support to the receive side SPF
| configuration (if it isn't already)?
Sorry, I forgot to actually answer the question. Yes, I think
receive-side whitelisting is a reasonable expectation. Many ISPs
already do something of the sort.
Of course, the Holy Grail is per-user whitelisting. Pobox, for one,
lets individual users configure whitelisting based on the IP and
hostname of the connecting client, but not every MTA shares this
capability.
But there's no reason not to just whitelist entire known forwarders.
In fact, we're already doing it, as you said. Trusted-forwarder.org
lists all the well-known forwarders. By default, SPF implementations
will check that domain. successful lookups in that domain will override
a FAIL.
So in practice the FPs are limited to small-footprint forwarder systems,
which receiver systems are welcome to whitelist on their own.
(Because the SPF syntax is so flexible, these kinds of local
whitelisting rules can be easily directly expressed in native SPF and
shimmed into place.)
cheers
meng