spf-discuss
[Top] [All Lists]

Re: Backup MX + SPF?

2004-06-04 04:08:46
Hi,

On Fri, Jun 04, 2004 at 11:09:14AM +0100, Paul Robinson wrote:
The only way I can see of getting around this is to implicitly trust
mx2.example.com and do not do any SPF checking at all from this server. This
Correct.

has several major problems:

- I have to update my mail config every time I change the MX for a zone,
sometimes at a customer's request

- I have to implicitly trust third-party MXes and blindly allow any mail from
them, which kind of negates the point of SPF

Well, you already trust those mx'es not to read your mail while it's being 
spooled for delivery to your primary once it comes back online. If they have 
implemented SPF and you trust them to not read your mail, can't you also trust 
them not to send you forged email?

- Some of these backup MX boxes are operated by companies offering backup MX 
to
hundreds if not thousands, of domains. They become a target for
hackers/spammers

I, for one, would never use a backup mx that is not under my control, for the 
reasons above. Why allow someone that you don't trust access to your private 
email?

- My customer's outbound e-mail may get caught up into a backup MX "hole" and
get rejected because the admin at the other end forgot to update his mail
config to handle this

I don't quite get this point (maybe the heat in here). 

Koen

-- 
http://www.sonologic.nl/


<Prev in Thread] Current Thread [Next in Thread>