spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Slightly Confused.

2004-01-26 05:14:42
from [Tom Allison] [Permanent Link] 
I'm new to the list and have a question about SPF's application.
From what I've read, albeit briefly, this seems to be a process in which email being sent is validated against DNS entries for what mail servers can send email for my address. 

Seems like a variation of the VRFY command in SMTP.
Except now I have to keep DNS records in sync with my SMTP records.
Generally having the same information kept in two places is a complication that people try to avoid.
I was considering if you used the SMTP VRFY you might be able to accomplish must/all of the objectives provided by SPF et al without the need to managing two seperate sources of information or two protocols. 

Something like this:

HELO <mydomain1.com>
MAIL FROM: <joe_user(_at_)mydomain(_dot_)com>
RCPT TO: <recipient(_at_)otherdomain(_dot_)com>
Once the information from the Envelope is received, this information is sent back to mydomain1.com (after validating reverse DNS lookup to match mydomain1.com as a MX record for mydomain.com) asking to VRFY joe_user(_at_)mydomain(_dot_)com(_dot_) Response from this inquiry determines the delivery of the email.
mydomain1.com must be the lowest numbered MX record in the mail delivery system to ensure that relays are not required to manage a complete list of users.
I realize that in the past VRFY has been used to exploit deliverable spam addresses, but I think that's pretty moot considering I routinely see massive dictionary attacks against my mail servers in search of any names it can match.
But you now ask for the same level of open information from your senders. I think this won't do anything less to block spam than SPF or other domain records, it simply ensures that the addresses being used by the sender are valid.
The advantage I see here is that there is no change to existing technology and might be implimented much easier by providing a single point of information for email addresses. 

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: 
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Using headers instead of SRS, Julian Mehnle
Next by Date:  RE: Using headers instead of SRS, tv+spf
Previous by Thread:  Slashdotted again, Matt Perry
Next by Thread:  Re: Slightly Confused., Wechsler
Indexes:  [Date] [Thread] [Top] [All Lists]