ietf-mxcomp
[Top] [All Lists]

RE: MARID compatibility with SPF records

2004-07-20 04:24:28

A quick comment on the compatibility of MARID
with SPF records.

Let me use the example of mydomain.com. 

Mydomain.com sends email through its ISP and also uses the
services of a 3rd party email service provider to send out
its newsletter.

In setting up its SPF record, mydomain.com proposes
initially to publish a record:

mydomain.com.IN TXT "v=spf1 +a:mx.bigisp.com
+a:mx.bulkmailer.com -all"

(I am using the same record for ease of comparison.)

In discussions with bulkmailer.com, the owner says this is
not necessary as SPF authenticates the MAIL FROM address in
the envelope header and we use a root email address for our
domain. 

Since Sender-ID is not in the wild, by including
+a:mx.bulkmailer.com in the SPF record this will throw an
extra burden on our DNS server. Please don't do this. 

The response from mydomain.com is ok.

Now with Sender-ID a number of things happen:

* mydomain.com needs to amend its MARID record.

* Receiving MTA's may do a check on mydomain.com and
bulkmailer.com resulting in two queries of bulkmailer.com's
DNS server. (This may not be a problem if the query is
cached.)

* If mydomain.com wishes to be accredited for newsletter
sends, it can no longer rely on the accreditation of
bulkmailer.com, which is already included as part of
bulkmailer.com's service fee. 

Since the only mail sent through its ISP is response to
customer queries, it now has to pay an extra charge to have
its domain accredited, not having established a reputation
for mydomain.com, relying on the services of bulkmailer.com.

Since mydomain.com already follows best list management
practice of using closed loop verification through
bulkmailer.com, this is an extra financial cost.

Some may say, well this is the cost people will have to
bear if they want their domain protected against being used
for fraudulent purposes and to get through all the
intervening filters on an "express basis." 

I would argue this is an unnecessary cost for mydomain.com
since the business owner is already paying for
accreditation once through bulkmailer.com. Now, the
business owner has to pay twice.

As was pointed out, with SPF the authentication
cost for the business owner is perceived to be free.

However, with Sender-ID the mix has now changed and
although there is no cost in publishing a record, the cost
implications of the change on the accreditation side are
significant.

I simply ask these matters be considered as Sender-ID moves
forward. 

John Glube
Toronto, Canada

The FTC Calls For One Standard For Sender Authentication
http://www.learnsteps4profit.com/dne.html 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.718 / Virus Database: 474 - Release Date: 09/07/2004