spf-discuss

Re: Re: "extreme SPF" scenario for ISPs

2004-02-03 10:03:42
----- Original Message ----- 
From: <johnc-lists(_at_)cleburne(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Tuesday, February 03, 2004 5:32 PM
Subject: Re: [spf-discuss] Re: "extreme SPF" scenario for ISPs

Relays from within
your own network should simply be whitelisted by IP address/subnet;

Perhaps so...  perhaps so.

I read "authenticated SMTP server" to mean an smtp server outside their
local ISP's network that was one that they were authorized to use.

An authenticated SMTP server outside your local network is, of course,
inside the local network of another. That sounds a bit cryptic. :) But what
I mean is, that if you block port 25 (or 587) to anything but your own SMTP
servers, then a local user -- who on your network is a roaming user
relative to another ISP -- can no longer use that other ISP's facility
(like SMTP AUTH) to connect legitimately.

I would indeed NOT require that my customers on my network have to
authenticate to send thru my mailserver. I am just a small ISP, but that
would introduce a lot of service calls.

Agreed. :)

However, for customers that are outside my network, I would indeed
want them to be able to authenticate and send - currently done by
'pop3 before smtp'. This method works well so far.

But it only works well, so far, because other ISPs, outside your network,
generously allow them to connect to a 'foreign' SMTP server (namely, yours)
on port 25 (or 587). If they blocked port 25 too (or rather, restricted it
to their own SMTP servers only), then your customers would not be able to
send mail through your SMTP server either, regardless of that nice DRAC or
SMTP AUTH facility you set up locally.

I personally see no harm in opening port 587 to everyone (barring site-wide
blocks, of course). It is authenticated; so, what harm could be done? The
only one who could actually send mail through it, would have to be a user of
mine; and if he did so to spam, then he just found the quickest, most
proficient way to lose his account.

Cheers,

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/