ietf-mxcomp

Re: "If you believe that the SPF concept is fundamentally flawed,please subscribe at http://www.imc.org/ietf-mxcomp/"

2005-05-26 07:48:43

admin(_at_)asarian-host(_dot_)net wrote:

-----Original Message-----
From: Arnt Gulbrandsen [mailto:arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no]
Sent: donderdag 26 mei 2005 15:41
To: ietf-mxcomp(_at_)imc(_dot_)org
Cc: Mark
Subject: Re: "If you believe that the SPF concept is
fundamentally flawed,please subscribe at
http://www.imc.org/ietf-mxcomp/"



Mark writes:

SPF is inter-MTA based, and requires no changes to email clients
whatso-frickin-ever.
The first time I looked at SPF was because I wanted to ensure that an
email client was okay. Specifically, I wanted to check outgoing mail
from a roadwarrior machine, and warn the user before sending any mail
that would likely fail.

That job wasn't so easy. Not so easy.

It is up to the ISP/MTA how to deal with their roaming users. Typically,
SMTP AUTH / DRAC is used (that has nothing to do with SPF even, but
everything with your ISP not being an open relay and still allowing its
customers roaming access). So, if you send mail, from the road, through
the relay you authorized, then that relay should SPF "pass" you (provided
you use the correct domain name, of course).

Sending through someone else's, unauthorized relay may, indeed, present a
problem on the receiving end if they check SPF (and thus would reject your
mail). But that is the whole point: either we allow everyone to use every
domain name through every relay (they have access to), or we specify
authorized relays. If we do the latter, then naturally doing the former
will no longer work. I believe that is a good thing.

It will take some mentality adjusting, though; like way back when, when
people said: "I used to be able to send through every SMTP server I
wanted; and now, dangit, I can only use the ones I have been given
access to." That change, too, was a good thing.

BTW, this issue of allowing someone to send through "someone else's relay" is a problem for ALL email authentication approaches except perhaps CSV and BATV. DomainKeys, SPF, IIM, and SID all have an issue until we can get MUAs to sign with DK/IIM.

-Carl

--
Carl Hutzler
Director, Host Mail Development
America Online
cdhutzler(_at_)aol(_dot_)com
703.265.5521 work
703.915.6862 cell

