Edward Ned Harvey wrote:
I disagree that it's compatible with spf. Most isp's and
corporate networks filter outbound traffic on tcp/25.
The fact that ISPs are filtering outbound traffic on tcp/25 cannot be
blamed on spf. On the contrary if spf was in wide use, ISPs would have
one less reason to do this filtering.
Loic
I don't blame the actions of ISPs on spf. Nobody's using spf. How could it
be spf's fault.
But ISPs do in fact use port filtering. And that's a problem for SPF.
Oops sorry, you are completely right, I misread your remark.
There are workarounds around that blocking problem (in possible
deployment order):
a) you could spf-include some ISPs for your email domains when possible
and appropriate,
b) some isp could be globally whitelisted (if they ensure no forging
can come from them),
c) maybe the best solution would be to encourage email servers to
provide a authenticated-only smtp service on another
different port (say 26, some people are actually already doing this), in
some sense separating MUA->MTA service and MTA<->MTA service by simply
assigning them different ports makes sense (originally I don't think
smtp was intended for MUAs anyway, even if it looks fit for this after
you add authentication).
I really like c) because it really makes spf compatible with all the
current dialups-filtering/port25-blocking anti-spam techniques. That
would for instance seriously limit the possibility of thrown-away
domains used in combination with hijacked or misconfigured
dialups/DSL/cable machines. SPF is mainly about avoiding a forged from,
and if it complements current antispam techniques rather than proposing
to replace them, it would make things much easier (IMHO to block
outgoing port 25 by default for a machine is a good thing, even if of
course every ISP should provide the option not do to it for free ...).
In summary, what do you think about proposing the adoption of another
port for MUA->MTA communication?
Regards,
Loic
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡