spf-discuss
RE: Use of SPF with Shared MTAs (was Possible New Mechanism Prefix)

2004-06-26 11:52:50
On Sat, 2004-06-26 at 14:12, spf(_at_)kitterman(_dot_)com wrote:

(Rude side note:  You are using an outgoing mail server that you don't
trust.  This is a problem that you need to correct.)

No.  I trust the mail server to only be used by authorized users.  It's the
other users I don't trust.

If anybody in the world can buy an account on that mail server, and that
account enables them to forge mail in your name, then I don't see how in
any useful sense of the word you could be said to "trust" that mail
server.

You're not really "trusting the outgoing mail server" in my book if
you're only trusting that other people who have
"authorized access==bribed/paid the mail server owner" can use that
access to forge mail in your name.

This is the case for EVERYONE that uses a shared MTA.

No, no, most emphatically no.

It is not the case for everyone who uses a shared outgoing mail server.

However, it is apparently the case for *you*.

Again, if you want to be able to publish SPF PASSing IPs, which you
can't because you have the problem that the outgoing mail server you've
decided to use can't allow you to honestly claim that, then you can
solve your problem by approaching any number of companies eager and
willing to help you for a small fee.

It's quite simple.

I do not have the time or expertise to run my own and it isn't affordable
for me to pay someone else to run an MTA just for me.

I can see how that would be overkill for many people.  If that's the
case, then just pay for access to a shared outgoing mail server that you
can trust not to allow forgeries from its other users.

If SPF PASS==Not a forgery, then a lot of shared MTA users are going to get
burned because the wizards we have now don't take this situation into
account.  There is a risk associated with asserting PASS and people need to
understand that.

It just means that people charging money for access to shared MTAs that
allow forgeries will start losing customers to those whose shared MTAs
don't allow forgeries.

And people who publish SPF PASS for IPs for their domains that point to
untrustworthy, forging MTAs will find themselves in RHS RBLs.

This means that the customers will have incentive to switch to more
competent outgoing mail server providers, and the providers will have
incentive to improve their service.  All this will only help recipients.

I don't see any reason to be unhappy about the situation.

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com
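
Added example, not part of the original message or of any SPF implementation: a small Python sketch of the situation debated in this thread, where two customers of one shared outgoing MTA publish the same IP range in SPF, so the receiver's SPF result depends only on the connecting IP and not on which customer actually submitted the mail. The domains, the address range, and the `relay_allows` sender-enforcement policy are constructed assumptions; only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample data: documentation address range and example domains.
SHARED_MTA_NET = "192.0.2.0/28"  # hypothetical shared outgoing MTA pool
SPF_RECORDS = {
    "customer-a.example": f"v=spf1 ip4:{SHARED_MTA_NET} -all",
    "customer-b.example": f"v=spf1 ip4:{SHARED_MTA_NET} -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(client_ip, mail_from_domain, records=SPF_RECORDS):
    """Receiver side: evaluate the ip4 and all mechanisms of an SPF record."""
    record = records.get(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def relay_allows(auth_user_domain, mail_from_domain, enforce_sender):
    """Shared MTA side (assumed policy): an authenticated customer may only
    use its own domain in MAIL FROM when enforce_sender is True."""
    return (not enforce_sender) or auth_user_domain == mail_from_domain

def verdict(auth_user_domain, mail_from_domain, client_ip, enforce_sender):
    """What the recipient ends up seeing for one submission."""
    if not relay_allows(auth_user_domain, mail_from_domain, enforce_sender):
        return "rejected-at-relay"
    return check_host(client_ip, mail_from_domain)

if __name__ == "__main__":
    mta_ip = "192.0.2.5"  # constructed address inside the shared pool
    for enforce in (False, True):
        for user in ("customer-a.example", "customer-b.example"):
            result = verdict(user, "customer-a.example", mta_ip, enforce)
            print(f"enforce={enforce} user={user}: {result}")
```

Without sender enforcement at the relay, the receiver computes the same `pass` for both submitters; with it, the cross-customer submission never leaves the shared MTA.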