spf-discuss
[Top] [All Lists]

Re: Backup MX + SPF?

2004-06-04 08:22:56
On Fri, Jun 04, 2004 at 11:31:35AM +0100, Paul Robinson wrote:
ultimately this means that I end up trusting the backup MX in the same way I 
do
for any host sending mail for a non-SPF protected domain. I'm not entirely 
sure
how I feel about this, but to me it looks like a hole to get through SPF that
spammers are going to target, especially when there are backup MX services out
there handling mail for tens of thousands of domains.

Spammers already target backup MX's because they are often a hole through the
primary MX's defenses, especially DNSbl's.  SPF will be no different.

Backup MX's also can't verify destination addresses (generally), so they are a
major source of bounce traffic to forged addresses.

Backup MX's are useless for the vast majority of sites today.  Legitimate 
sending
sites handle queuing and resending mail to down sites.  Unless you're planning 
to
be down for a week or more, you don't need a backup MX.

Backup MX's not under your administrative control are actively dangerous;
unless they share exactly the same anti-spam defenses as your primary MX and
have access to valid user lists, they just cause problems for you and others.

-- 
Alan


<Prev in Thread] Current Thread [Next in Thread>