From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Tony Finch

> Most of these reasons apply to all designated sender schemes, so we
> won't be implementing SPF either.
>
> As well as the alumni forwarding service, about 7% of our message
> store users forward their email off-site. These users are likely to
> lose legitimate email because of Sender-ID checks at the destination
> sites.

Looks to me as if you can still deploy an SPF record that says
that A, B & C are authentic University of Cambridge mail servers.
What you are saying you cannot do is to add a final -all to
exclude the universe of all other mail servers.
This is supported by the spec.

> We do not know how many of our users forward email to Cambridge from
> other sites, and it is very difficult to find out. We can only
> implement Sender-ID checks if we also whitelist sites that forward to
> Cambridge, in order to avoid erroneously rejecting legitimate email.
> It will be extremely difficult to create and maintain the whitelist,

That is why most people who are going to use a whitelist are
going to outsource the process.
VeriSign has started making the Verified Domains List available
to qualified anti-spam companies and we plan to make it available
to everyone via a DNS publication mechanism in the near future.
Both services are free.

> The University is a federal organization with a strongly delegated
> management structure. The Computing Service does not have a monopoly
> over the provision of email services, so the colleges and departments
> use the central email services to a greater or lesser extent at their
> choice. We would have to perform a much more detailed liaison exercise
> than usual to work out what the implications of implementing Sender-ID
> would be for email travelling between the various parts of the
> University.

What this says to me is that even though the central IT dept
at Cambridge is not going to support Sender ID, the same is not necessarily
true of the colleges. The more progressive colleges
such as Porterhouse can choose to issue SenderID records for
their domains even if central IT services do not.
The ancient universities have barely come to terms with the
consequences of the industrial revolution. If we consider
the suitability of specifications on the basis of their
ability to deploy we are not going to get very far.
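
The difference discussed above between listing servers A, B and C and adding a final -all, as an added example that is not part of the original message: a minimal evaluator that handles only ip4 mechanisms and all (no DNS lookups, include or macros). The helper names, addresses and records are constructed for illustration.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record: str, client_ip: str) -> str:
    """Evaluate a record limited to ip4: and all mechanisms, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                        # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]     # matches every sending host
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"               # mechanism outside this sketch
    return "neutral"                         # nothing matched: default result

# Constructed sample data: documentation address ranges, not real mail servers.
OUTBOUND = "ip4:192.0.2.10 ip4:192.0.2.11 ip4:192.0.2.12"   # servers A, B, C
OPEN_RECORD = f"v=spf1 {OUTBOUND}"           # lists A, B, C; no final all
STRICT_RECORD = f"v=spf1 {OUTBOUND} -all"    # also excludes every other server
FORWARDER_IP = "198.51.100.25"               # off-site forwarder relaying the mail

def compare(client_ip: str) -> tuple:
    """Result under the open record and under the strict record."""
    return check_spf(OPEN_RECORD, client_ip), check_spf(STRICT_RECORD, client_ip)

if __name__ == "__main__":
    for label, ip in [("server A", "192.0.2.10"), ("forwarder", FORWARDER_IP)]:
        print(label, compare(ip))
```

Mail relayed by the forwarder evaluates to neutral under the record without a final all, and to fail only once -all is appended, which is the case the forwarding users above are concerned with.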