wayne [wayne(_at_)midwestcs(_dot_)com]:
Like it or not, only Microsoft can change Outlook, Exchange and
Hotmail/MSN. Having them on board will mean much quicker adoption and
a quicker end to email forgery. If you are here to end email forgery (and
spam) rather than fighting for OSS or fighting against MS, then this
should make you happy.

David Brodbeck [gull(_at_)gull(_dot_)us]:
The majority of email clients on the Internet are running Microsoft
software. Without Microsoft on board any attempt to reform how email is
handled won't get very far.

This weekend, I will be releasing a protocol level event sink for Windows
SMTP/Exchange that is built on libspf-alt, which is arguably the best tested
and most compliant SPF library. It adds headers to non-authenticated incoming
SMTP mail and supports rejection at the DATA command.
It supports Windows IIS 2000/2003/XP, and Exchange 2000/2003. So, I think
worrying about Microsoft support (other than for MSN and Hotmail) is not
relevant.
However, the following additions to SPF could kill my implementation:
- XML (will libspf-alt support this?)
- RR types (not supported by Windows DNS API AFAIK)
- RFROM as MAIL FROM parameter may not be possible (if it were a separate ESMTP
command after or before MAIL FROM, I could definitely make it work).
Isn't it a bit ironic that these items are recent (Microsoft?) proposals?
BTW, are there any admins who would like to beta test? It's fairly stable.
Features:
-local policy
-best guess* (as soon as libspf-alt includes this)
-trusted forwarders
-passing secondary MXes
-IP address exclusions
-recipient exclusions (postmaster, abuse, etc...)
-Received-SPF header prepended
-optional rejection at DATA (or EOD ".") based on SPF levels
-customized rejection explanation
-option to transiently reject on errors
-tarpitting based on SPF levels
-logging passes/neutrals/failures/errors/rejections to the event log
The user interface for it is an MMC plug-in which integrates into the IIS MMC
and Exchange System Manager MMC.
Michael R. Brumm
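
Added example, not part of the original message and not the event sink's code: a sketch of how the features listed above (exclusions, Received-SPF tagging, rejection at DATA, transient rejection on errors, tarpitting) could combine into one decision. All names, the sample networks, the RFC 7208 result names and header layout, and the reply codes are assumptions; the SPF result itself is taken as input from an SPF library.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:  # hypothetical settings, named after the feature list above
    reject_on: frozenset = frozenset({"fail"})
    tempfail_on: frozenset = frozenset({"temperror"})
    tarpit_seconds: dict = field(default_factory=lambda: {"softfail": 10})
    excluded_nets: tuple = (ipaddress.ip_network("192.0.2.0/24"),)  # constructed
    excluded_localparts: frozenset = frozenset({"postmaster", "abuse"})
    explanation: str = "SPF check failed for {sender} from {ip}"

@dataclass
class Decision:
    header: str      # Received-SPF line to prepend ("" if none)
    smtp_reply: str  # reply sent in answer to DATA
    delay: int       # tarpit delay in seconds before replying

ACCEPT = "354 Start mail input; end with <CRLF>.<CRLF>"

def decide(policy, spf_result, client_ip, mail_from, rcpts, authenticated=False):
    """Map an SPF result computed elsewhere (e.g. by an SPF library) to an action."""
    if authenticated:  # only non-authenticated mail is tagged
        return Decision("", ACCEPT, 0)
    header = (f'Received-SPF: {spf_result} client-ip={client_ip}; '
              f'envelope-from="{mail_from}"')
    ip = ipaddress.ip_address(client_ip)
    exempt_ip = any(ip in net for net in policy.excluded_nets)
    # At DATA every RCPT TO is known; assumption: one exempt recipient
    # exempts the whole transaction, since DATA gets a single reply.
    exempt_rcpt = any(r.split("@")[0].lower() in policy.excluded_localparts
                      for r in rcpts)
    if exempt_ip or exempt_rcpt:
        return Decision(header, ACCEPT, 0)
    delay = policy.tarpit_seconds.get(spf_result, 0)
    if spf_result in policy.reject_on:
        text = policy.explanation.format(sender=mail_from, ip=client_ip)
        return Decision(header, f"550 5.7.1 {text}", delay)
    if spf_result in policy.tempfail_on:
        return Decision(header, "451 4.4.3 SPF lookup failed, try again later", delay)
    return Decision(header, ACCEPT, delay)
```

Deciding at DATA rather than at MAIL FROM is what makes the recipient exclusions workable, because the full recipient list has been received by then.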