ietf-smtp

Re: SPF I-D for review: draft-schlitt-spf-classic-01.txt

2005-05-26 08:08:36

Bruce Lilly wrote:

SPF and SPF-like schemes impose an additional necessary
condition:

the ISP's MTA must work 100.00000% of the time

Not necessarily.  If you have your own domain (or a small
domain shared by 15 users as in your example), then you
can permit the IPs of several mail providers.

In the most simple case you have providers A, B, C with
policies and "v=spf1 include:A include:B include:C -all".

If C doesn't offer a SPF policy for inclusion you could
still try to guess the CIDR(s) used by its mailouts, or
again in the most simple case you just know what C does:

"v=spf1 include:A include:B mx:C a:mailout.C -all"

In the presence of schemes which thwart such work-arounds
by forcing traffic through a choke point, that choke point
needs to work perfectly, no matter what

Admittedly I'm a user with a single choke point.  OTOH it's
what I wanted and proposed ;-)  Catch-all vanity domains are
a really nice idea, but less so if they are forged.

SPF also allows creating per-user policies, but that's a
premium service not available at my ISP.

The reality is, even before SPF I needed more than one mail
provider to bypass problems like dubious black listings.

And I have mailboxes at both A and B.  So when I now have a
problem with A I simply send the mail via B, just using the
corresponding MAIL FROM:<my.B.address@B.example>

Anything else (2822-From my.A.address@A.example) unmodified.
No big deal.

JFTR, it won't work this way with SenderID PRA, but that's a
very different scheme, only the spf2.0/pra syntax is similar.

                       Bye, Frank
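
An added example, not part of the original message: a minimal evaluator for the record form quoted above ("include:A include:B mx:C a:mailout.C -all"), run against a constructed DNS table. The names vanity.example, a.example, b.example and c.example stand in for the user's own domain and providers A, B and C; every address is a placeholder, and only the ip4, a, mx, include and all mechanisms are handled.

```python
import ipaddress

# Constructed stand-in for DNS: every name and address here is a placeholder.
TXT = {
    "vanity.example": "v=spf1 include:a.example include:b.example "
                      "mx:c.example a:mailout.c.example -all",
    "a.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "b.example": "v=spf1 ip4:198.51.100.16/29 -all",
}
MX = {"c.example": ["mx1.c.example"]}  # C publishes no SPF record of its own
A = {"mx1.c.example": ["203.0.113.5"], "mailout.c.example": ["203.0.113.9"]}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Return the SPF result for a client IP and the MAIL FROM domain."""
    record = TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # simplified guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        target = arg or domain
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = addr in ipaddress.ip_network(arg)
        elif mech == "a":
            hit = ip in A.get(target, [])
        elif mech == "mx":
            hit = any(ip in A.get(host, []) for host in MX.get(target, []))
        elif mech == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            hit = inner == "pass"  # a fail inside an include is only "no match"
        else:
            return "permerror"  # mechanism outside this sketch
        if hit:
            return RESULT[qualifier]
    return "neutral"

if __name__ == "__main__":
    for ip, dom in [("192.0.2.5", "vanity.example"), ("203.0.113.9", "vanity.example"),
                    ("203.0.113.77", "vanity.example"), ("198.51.100.20", "b.example"),
                    ("192.0.2.5", "b.example")]:
        print(f"{ip:15} MAIL FROM domain {dom:15} -> {check_host(ip, dom)}")
```

The last two rows are the fallback described in the message: mail relayed through B passes when MAIL FROM uses the B address, and the same MAIL FROM sent from A's relay fails.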


