I still think sender verification is the answer to stopping spam.
There are all sorts of things that can be done, that make spf a sender
verification scheme, including sasl, vpn, etc etc. But unless you add these
things to spf... SPF is not sender verification.
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Vivien
M.
Sent: Tuesday, December 16, 2003 3:39 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Maybe simple question
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
Greg Connor
Sent: December 16, 2003 3:19 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Maybe simple question
1. The people changing the DNS to add SPF are probably either
also part of
IT, or working in cooperation with IT. If nobody is actively
forging mail
from the domain right now, they might just delay SPF until a
time when
everyone has access to smtp auth and/or vpn.
If they choose to implement SMTP AUTH/VPN/etc.
2. Does the employer in this case offer a way to VPN in? I'm
assuming pop3
isn't open to the outside since it's kind of insecure in
terms of sniffing.
If there is a VPN, you can probably send directly with the employer's
server without adding smtp auth to it - they would implicitly
trust the vpn
client ip. If they just have pop3 open to the world, they
might want to
either add smtp auth, or use pop-before-smtp which some smtp
servers might
be set up for if they don't have auth.
No, POP3 is open to the outside - we're talking about educational
institutions here. Most educational institutions that I know of
will happily
allow POP3 by students/staff/faculty from outside the network - it's not
like that login/password, even if compromised, could do much harm to the
institution, I don't think. (They use different authentication systems for
important stuff)
Ok that's all I have for now, good night :)
Yes... Those solutions are all good, but they ALL require active
IT work to
support off-site people. When people are in a gray area (no one
saying POP3
from outside is good/bad/supported/unsupported), IT might just deploy SPF
and screw over anyone off-site, at least for a few weeks before they get
their own voicemail box swamped...
Vivien
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate
your subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡