spf-discuss

Re: Why not just use S/MIME or GPG signatures?

2003-10-10 15:18:10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

O.K. This isn't religion.  Whether or not we feel we should be forcing
people to use application layer gateways, many are already doing it.  We
do it and no one on our ISP has complained once.

<A BIT OFF TOPIC . . . SKIP IT IF YOU WANT>

We as ISP administrators can force all smtp traffic through a gateway of
our choosing.  We can scan mail as it heads outbound, through an
off-site smtp-mta mx proxy virus and spam scanning service (like
Postini), and even on the inbound mail delivery.  We can shut down all
smtp traffic out of our ISP's that doesn't source to our outbound
relay.  We can force all traffic to/from POP and IMAP servers off-site
to be forwarded through, or picked-up by our servers so that we can scan
the mail that comes in from mail servers off-site.  The last and most
important step we can take is to move everyone to authenticated SSL
smtp.  That will put the nail in the coffin for most of the smtp abuses
on our networks.

As for inter-server communications . . .  with the above items in place,
no one should ever see an e-mail from a single soul on our networks that
doesn't come from our mail servers.  If every ISP provided services to
their customers and held them accountable for their actions, there
wouldn't be any spammers on the planet.  Personally, I believe we are
attacking this from the wrong angle.  All ISP's should run a registry of
authoritative smtp servers for themselves.  All ISP's should be held
accountable for the actions of their customers.  All the SPF and SRV
records are going to do is provide another thing to abuse . . . another
thing to have misconfigured . . . another thing to blame when it doesn't
save us from spam or viruses.

We already have MX records for inbound delivery.  If the smtp servers on
the Internet could tell what servers are authoritative relays then there
would not be any discussion.  But, if the only relays that were allowed
to operate were authoritative relays then there would be no need for
authoritative records.  ISP's can control who operates an smtp server .
. . and they can definitely control the flow of smtp traffic to and from
their networks.  If they really did their job there wouldn't be a spam
problem.

So, I do not believe that these new DNS records are going to do anything
but make life more difficult . . . by making one more thing for us to
maintain.

<END PART TO SKIP WHICH IS OFF-TOPIC>

There are those of us who hate the fact that the Internet as we know it
is changing.  But, what are we to do?  Maybe the SPF TXT records are the
answer . . . maybe the SRV records are the answer.  Maybe neither one of
them is the answer.  One thing is for certain.  It is no longer any fun
to be an administrator when we have to fight the spam and viruses like
we do.

So, quit getting personal.  Leave your agendas at the door.  Shake
hands, apologize to one another, and let's get back to fixing what is
broken.

Jim Popovitch wrote:

| On Fri, 2003-10-10 at 15:34, Arlie Davis wrote:
|
|> But do you want to be FORCED to use them?  My post was not about
|> "can you use a proxy/whatever", but "do you believe that you should
|> be FORCED to use an ISP's application-layer gateways"?  I find it
|> hard to believe you don't understand the distinction.
|
|
| First, please don't pretend to know what I do or do not believe.
|
| I do know that there are many ways to do simple things.  I believe
| that you are trying to do something more difficult than necessary...
| and wanting someone else (in this case other email systems) to put
| their systems at risk for your personal reasons.
|
| -Jim P.

- --

Bryan Campbell . . . bbc(_at_)misn(_dot_)com

STE-MISN    573-775-2111

Key fingerprint:  44AB 0A39 1F4D 0BBE E588  21A7 A4AA B08B AE01 4D39
Key:  http://www.misn.com/~bbc/pgp.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/hzAipKqwi64BTTkRAkb+AJ9lb/sW5sotNqsKawmvA/DloFQtUwCfexP6
2dIJ0G9FHNa/D6x73JaApUg=
=lUIz
-----END PGP SIGNATURE-----


-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/