On Sun, Jun 20, 2004 at 10:32:54PM +0100, Karl Prince wrote:
|
| 0429-linuxbroadband
| http://spf.pobox.com/slides/unified%20spf/0429.html
|
| This was a big surprise, since it seems an ISP can not publish
| (effective) policy stating that their IP address space is not
| to be used to send emails from directly. Even DHCP Dialup can
| not have an enforced no direct email policy.
|
| I sympathize with the "poor linux user" on a consumer grade
| broadband connection, after all I fit that description, though
| my MTA is actually on a Windoze server, since I like my Win32
| MTA.
|
| If an ISP has a "no direct mail" or a "no server policy", then
| they should expect a published policy for these IP addresses to
| be honoured. Ideally I would hope that users allowed to send
| mail directly could switch off this record, if enabled by
| default on new connections.

The important thing is finding a responsible sender. If the
HELO domain passes authentication and a reputation system
considers it "good", that should override the ISP's opinion
of whether it deserves to send over port 25. Similarly for
the return-path --- that can be another subject of
authentication that overrides the MTAMark=no semantic.

| Though since many admins use DHCP/Dialup DBLs (or maintain
| their own like AOL) to block these IP addresses (to which some
| ISPs submit their DHCP IP's for addition), so allowing it to
| pass may be in vain.

Unfortunately, this is part of the pain of switching
paradigms. It'll be up to the army of Linux hobbyists to
convince ISPs that instead of blocking port 25, they should
just define MTAMark=no. That same army can also take on the
attempt to convince ISPs to stop blocking based on DULs when
the MTAMark=no semantics become available with an SPF/helo
or SPF/mail-from override.
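
The override semantics discussed in this message, sketched as a receiver-side check. This is an added example, not code from the thread or from any SPF or MTAMark implementation; the `Connection` fields, the `REPUTATION` table and the verdict strings are assumptions, as is treating an unknown reputation as no override.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: a hypothetical stand-in for whatever
# reputation system the receiver consults (domain -> opinion).
REPUTATION = {"mail.hobbyist.example": "good", "bulk.example": "bad"}


@dataclass
class Connection:
    mtamark: Optional[bool]   # False = ISP published MTAMark=no, None = no record
    helo_domain: str
    helo_spf: str             # SPF result for the HELO identity ("pass", "fail", "none")
    mail_from_domain: str
    mail_from_spf: str        # SPF result for the return-path identity


def responsible_sender(conn: Connection) -> Optional[str]:
    """Return the first identity that both authenticates and has a good reputation."""
    identities = (
        (conn.helo_domain, conn.helo_spf),            # SPF/helo override
        (conn.mail_from_domain, conn.mail_from_spf),  # SPF/mail-from override
    )
    for domain, spf_result in identities:
        # Authentication alone is not enough: a spammer can publish SPF too.
        # Assumption: an unknown reputation does not earn the override.
        if spf_result == "pass" and REPUTATION.get(domain) == "good":
            return domain
    return None


def evaluate(conn: Connection) -> tuple:
    """Return (verdict, reason) for the MTAMark step of inbound policy."""
    if conn.mtamark is not False:
        return ("no-policy", "ISP did not publish MTAMark=no for this address")
    sender = responsible_sender(conn)
    if sender is not None:
        return ("override", "MTAMark=no overridden by responsible sender " + sender)
    return ("reject", "MTAMark=no and no authenticated sender with good reputation")
```
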