On 6/29/2004 2:30 PM, Douglas Otis sent forth electrons to convey:
> <something important>
I struggled to understand Doug's post for a few minutes, and then
considering the RHS of Doug's email address ("mail-abuse.org") made it
all clear.
Put yourself in the shoes of an RHSBL maintainer for a moment.
With CSV, if a domain has authorized its use in HELO for an IP, it is
reasonable to blacklist said domain for such authorization when it
results in spam.
And a blacklist of such domains could be quite effective at separating
ham and spam with few FPs and FNs.
With SPF, if a domain has authorized its use in any of the myriad ways
that SPF requires it authorize its use, then it's much less reasonable
to blacklist said domain for such authorization when it results in
spam. A blacklist of such domains would be much less capable of
separating ham and spam with few FPs and FNs.
Here's an example: there is no MTA that does a HELO elvey.com. Mail
from users at elvey.com is sent through (among others) rr.com and
fastmail.fm.
rr.com and fastmail.fm will have to publish CSV records, but elvey.com
won't. All three will have to publish SPF records.

    elvey.com. 7201 IN TXT "v=spf1 a mx
        ip4:63.195.86.147 ip4:66.111.4.0/24 include:webcom.com include:rr.com
        include:pacbell.net include:nextbus.com include:messagingengine.com ?all
        match_subdomains=yes"

What am I supposed to do if zombies on pacbell.net and rr.com start
forging mail from elvey.com? Is MAPS going to point out that it's
listed me for having a loose SPF record? Probably. So I must tighten up
my SPF record? How, exactly?
Assume that just 5% of all domains are in the same kind of situation.
Basically, include:rr.com, include:pacbell.net, etc. need to be removed,
and I need to set up smarthosts and walk ALL the users using rr.com and
pacbell.net through changing their MUA configurations. That would suck!
(Assume for the moment that rr.com, pacbell.net, etc. do publish SPF
records)
I suspect that the scenario I've described is of the kind that Doug is
worrying about.
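
Added example (not part of the original message, and not code from any SPF implementation): a small Python evaluator for the ip4, include and all mechanisms, showing why a host inside an included ISP range gets "pass" for elvey.com and what removing the includes changes. The elvey.com record is abridged from the one quoted above; the rr.com and pacbell.net records and all addresses in those ranges are assumptions, using documentation address space.

```python
import ipaddress

# Constructed zone data. The elvey.com record is abridged from the post;
# the rr.com and pacbell.net records are assumptions (documentation ranges)
# standing in for whatever those ISPs would publish.
RECORDS = {
    "elvey.com": "v=spf1 ip4:63.195.86.147 ip4:66.111.4.0/24 "
                 "include:rr.com include:pacbell.net ?all",
    "rr.com": "v=spf1 ip4:198.51.100.0/24 -all",
    "pacbell.net": "v=spf1 ip4:203.0.113.0/24 -all",
}
# The tightening the post describes: the ISP includes are removed.
TIGHTENED = dict(RECORDS)
TIGHTENED["elvey.com"] = "v=spf1 ip4:63.195.86.147 ip4:66.111.4.0/24 ?all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=RECORDS, depth=0):
    """Return the SPF result for ip sending as domain (ip4/include/all only)."""
    if depth > 10:  # guard against include loops
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the included record evaluates to pass
            matched = check_host(ip, arg, records, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue  # other mechanisms and modifiers are outside this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    zombie = "198.51.100.77"  # constructed: a host inside the assumed rr.com range
    print("loose record:    ", check_host(zombie, "elvey.com"))
    print("tightened record:", check_host(zombie, "elvey.com", TIGHTENED))
```

With the includes in place, any host the ISP authorizes is authorized for elvey.com as well; with them removed, mail submitted through the ISP's own relays no longer passes either, which is the smarthost migration described above.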