On Jun 20, 2004, at 10:25 AM, Frank Ellermann wrote:
> Without your no-MX-rule anybody not interested in SPF
> and RfC 2476 could simply ignore it. [...]
> With your no-MX-rule users are forced to do something
> before they were hit by the problem.

I see that as a big issue. One of the reasons that SPF is a good idea
is that the main guts of it work with gradual adoption. The laggers
will be subject to more "joe"s, and they can pick their policy based on
that. I dislike moving away from that model.

> One of my ISPs is a (weird) real world example: Most
> users send mail with the normal smart host, and this
> mailer fixes the MAIL FROM and even the From: header
> based on RADIUS.
> The same ISP also offers a "SMTP relay" (for a small
> monthly fee) where the MAIL FROM is _not_ fixed. I'm
> very curious how this ISP reacts, selling the chance
> to get a SPF FAIL would be a funny business model.

There is very good reason to offer this service. Quite simply there
will be many people and small businesses whose ASP (access service
provider) is not their overall mail provider. If you look at the
message you are reading right now, you will see that my ASP is pe.net.
And I use their mailhubs for out-going mail. My MXes belong to
fastmail.fm. I have two alternatives to this setup.
(1) use fastmail.fm for my outgoing mail. That is doable, but slightly
inconvenient. First fastmail.fm does have bandwidth limits (that you
can pay to increase), second I can pass things to my ASPs with no
password authentication (IP based) while with fastmail, I would have to
authenticate, and therefore encrypt (SSL/TLS). That also takes more
resources when all I want to do is encrypt the password. There are
other local reconfiguration headaches I'd have to go through. Nothing
major, but enough to put this low on my to-do list.
(2) The other option is to do direct to MX from my ADSL static IP. My
ASP allows that under certain conditions (which I meet), but I really
don't need to explain why I'm reluctant to have all my mail hit the
world from an IP whose PTR is jpg.dsl.pe.net.
Sorry for being long-winded, but I don't think that the service your
ASP provides is so bizarre. And given all the people who have their
mail go via their web hosters' systems, there is enough mail coming
from "legacy" systems that would be hard to change to make this change
in the MX rule a real turn-off.
These are my first (long winded) thoughts on the matter. My opinions
may well change.
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/