On Feb 26, 2004, at 13:54, David Woodhouse wrote:
> Similar logic applies to my decision whether to publish SPF records for
> my domains. If I publish records, then my users may not be able to send
> mail to third parties who, in accordance with well-established practice,
> forward their mail from some virtual domain or forwarding account to
> their 'actual' current email address.

David,

Forgive my ignorance but my reading of the SPF spec says that
publishing an SPF record does not have this kind of side effect. People
who require forwarding to a vanity domain have the choice to use SPF or
not at their email destination. That your publishing the SPF record for
your domain does not preclude the forward. In other words, a different
envelope sender is used by the forwarding host. And the user requiring
forwarding needs to either not use SPF checking or whitelist his/her
forwarder or implement something like SRS to reliably allow this
transaction. Not advertising your preferred senders appears to hurt you
and your users with the dubious result of maybe helping email providers
that cannot implement a proper SPF check or policy.

This looks like a non-problem. The recipient is choosing to use an SPF
record without using a forwarding mechanism to protect his/her own
mail. Is that really your problem? If you asked your users if they
would prefer that you protect this class of users at another ISP at the
expense of allowing joe-jobbers, et al., would they really agree with
you? In my very small community mail service, I cannot imagine that one
of my users would prefer that I protect the ability of an external to
our community user's ability to poorly use SPF and accept joe-jobbing
as the consequence.

Finally, I thought that the idea of enforcing SPF incrementally
allowed these vanity domains and forwarded services to learn how to use
SPF correctly? That there is only a win-win in starting to help SMTP
gain sender authentication?
Andrew
____________________________________
Andrew W. Donoho
awd(_at_)DDG(_dot_)com, PGP Key ID: 0x81D0F250
+1 (512) 453-6652 (o), +1 (512) 750-7596 (m)
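
The forwarding case discussed in this message, as an added example that is not part of the original post: a minimal SPF check run at the final destination, first with the forwarder relaying the original envelope sender unchanged and then with an SRS0-style rewrite. The domains, IP addresses, secret and timestamp are constructed, only `ip4` and `all` are modelled, and the SRS hash is simplified.

```python
import hashlib
import hmac
import ipaddress

# Constructed SPF records (documentation IP ranges, example domains).
SPF = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, mail_from):
    """Evaluate the envelope sender's SPF record against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF.get(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:])
        else:
            matched = mech == "all"  # other mechanisms are not modelled here
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def srs_rewrite(mail_from, forwarder_domain, secret, timestamp="AB"):
    """SRS0-style rewrite: the envelope sender moves into the forwarder's domain.

    The short HMAC tag lets the forwarder recognise its own rewritten
    addresses when bounces come back (simplified hash, constructed timestamp).
    """
    local, domain = mail_from.rsplit("@", 1)
    msg = f"{timestamp}{domain}{local}".lower().encode()
    tag = hmac.new(secret, msg, hashlib.sha1).hexdigest()[:4]
    return f"SRS0={tag}={timestamp}={domain}={local}@{forwarder_domain}"

def deliver_via_forwarder(mail_from, use_srs):
    """Return (envelope sender, SPF result) as seen by the final destination."""
    forwarder_ip = "198.51.100.25"  # constructed: the forwarding host's address
    if use_srs:
        mail_from = srs_rewrite(mail_from, "forwarder.example", b"constructed-secret")
    return mail_from, check_spf(forwarder_ip, mail_from)

if __name__ == "__main__":
    for use_srs in (False, True):
        print(use_srs, deliver_via_forwarder("alice@sender.example", use_srs))
```
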