spf-discuss

Re: Re: the "implicit MX" rule

2004-06-20 20:24:42
On Jun 20, 2004, at 10:25 AM, Frank Ellermann wrote:

> Without your no-MX-rule anybody not interested in SPF
> and RfC 2476 could simply ignore it. [...]
> With your no-MX-rule users are forced to do something
> before they were hit by the problem.

I see that as a big issue. One of the reasons that SPF is a good idea is that the main guts of it work with gradual adoption. The laggers will be subject to more "joe"s, and they can pick their policy based on that. I dislike moving away from that model.

> One of my ISPs is a (weird) real world example:  Most
> users send mail with the normal smart host, and this
> mailer fixes the MAIL FROM and even the From: header
> based on RADIUS.
>
> The same ISP also offers a "SMTP relay" (for a small
> monthly fee) where the MAIL FROM is _not_ fixed.  I'm
> very curious how this ISP reacts, selling the chance
> to get a SPF FAIL would be a funny business model.

There is very good reason to offer this service. Quite simply there will be many people and small businesses whose ASP (access service provider) is not their overall mail provider. If you look at the message you are reading right now, you will see that my ASP is pe.net. And I use their mailhubs for out-going mail. My MXes belong to fastmail.fm. I have two alternatives to this setup.

(1) Use fastmail.fm for my outgoing mail. That is doable, but slightly inconvenient. First, fastmail.fm does have bandwidth limits (that you can pay to increase); second, I can pass things to my ASPs with no password authentication (IP based) while with fastmail, I would have to authenticate, and therefore encrypt (SSL/TLS). That also takes more resources when all I want to do is encrypt the password. There are other local reconfiguration headaches I'd have to go through. Nothing major, but enough to put this low on my to-do list.

(2) The other option is to do direct to MX from my ADSL static IP. My ASP allows that under certain conditions (which I meet), but I really don't need to explain why I'm reluctant to have all my mail hit the world from an IP whose PTR is jpg.dsl.pe.net.

Sorry for being long-winded, but I don't think that the service your ASP provides is so bizarre. And given all the people who have their mail go via their web hosters' systems, there is enough mail coming from "legacy" systems that would be hard to change to make this change in the MX rule a real turn off.

These are my first (long-winded) thoughts on the matter. My opinions may well change.

-j

--
Jeffrey Goldberg                        http://www.goldmark.org/jeff/

