ietf-mxcomp

SPF vs CSV scenarios

2004-06-29 07:49:24

On Tue, Jun 29, 2004 at 10:27:50AM -0400, John Leslie wrote:
| 
|    Andy closed the jabber session with several action items:
| ] 
| ] andy: We were given 3 use cases today. It would be good if meng could
| ]       take his 2 to the list, and jfenton his to the list.
| ] andy: Then let's let the CSV proponents explain two things for each,
| ]       1) how CSV handles them, and
| ]       2) how SPF does not.
| 
|    I'm waiting on these.

I was actually waiting for you to provide them.  They were
your cases.  If you look at the following transcript, you'll
see that I had to guess because you weren't telling.

[15:41:24] <mengwong> (if jlc gets a spare moment, i'd like
to ask for some detail on the use case where there's an
actual problem between using an SPF record for the PRD and
using an SPF record for EHLO, please)

[15:42:11] <andy> meng, cts
[15:42:40] <mengwong> uh, so, jlc or doug, can you set up a
problem scenario?
[15:42:44] <mengwong> <eot>

[15:43:23] <mengwong> just thought maybe you guys had one in mind.

[15:43:30] <jlcjohn> Quick answer on case with problem:
workers at home using their cable system to send email for
their work domain.

[15:43:55] <andy> Meng, can you work with that?

[15:44:14] <mengwong> lemme see what the EHLO and the MAIL
FROM look like real quick.
[15:44:38] <mengwong> (taking the MAIL FROM to be close
enough to the PRA that SPF Classic and SenderID look the
same in this case)

[15:45:15] <mengwong> EHLO cable-12-23-34-56.cty.cableco.net?
[15:45:20] <mengwong> <eot>
[15:45:51] <andy> john?

[15:45:54] <jlcjohn> Actually, it might be that, or the
cable provider might force use of their server.
[15:45:58] <jlcjohn> <eot>

[15:46:07] <mengwong> ok, so we have two subcases ...
[15:46:22] <mengwong> if the cable provider forces use of
their server, we have EHLO mta4.cableco.net
[15:46:28] <mengwong> MAIL FROM:<worker@work.com>
[15:46:29] <mengwong> ?
[15:46:33] <mengwong> <eot>

[15:46:42] <jlcjohn> OK <eot>

[15:46:58] <mengwong> so mta4.cableco.net has an SPF record,
and work.com has an SPF record ... and ... ?
[15:47:17] <mengwong> and the mta4.cableco.net SPF record is
checked at EHLO time, and the work.com record is checked at
MAIL FROM time ...
[15:48:01] <mengwong> <eot>

[15:48:10] <jlcjohn> What happens when mta4.cableco.net gets
a bad reputation?
[15:48:13] <jlcjohn> <eot>

[15:48:28] <mengwong> then work.com has to set up port 587
with SMTP AUTH
[15:49:01] <mengwong> if the mta4.cableco.net identity has a
bad reputation, then it sucks for the mail sender whether
the checks are being done with CSV or SPF, right?

[15:50:21] <andy> these are two good use cases. perhaps
flushing them out on the list is good.