spf-discuss
[Top] [All Lists]

Re: Re[2]: ISP migration information

2004-07-04 15:23:55
On Sun, 2004-07-04 at 20:47 +1000, Chris Drake wrote:
Hi Aredridel,

Sunday, July 4, 2004, 5:23:59 PM, you wrote:

snip

A> I am an ISP -- the very classic, dialup sort.

snip

A> If your customer base is used to communicating their
A> needs, I reccomend it. If not, be careful. Softfail first. Monitor logs
A> and contact customers who have problems. Track problems.

Did you go Softfail at all?  If so, how did you deal with the problems
of Baysian filters of recipients (eg: Netscape/Thunderbird/etc)
silently dropping customer emails for that 1% of people you discovered
later have problems (or did those victims not realize that your SPF
setting was the cause until you got rid of Softfail?  Can you survey
them and ask if they sent emails that recipients claimed never to get
(or that got tagged as spam) during your softfail period?)

We've got some domains on softfail, some on hard: the forwarding service
problem is a real problem. So far, it's not been a big one, but we're
monitoring logs for mistakes.

If you did not go Softfail - why are you recommending it?  I'm not an
ISP, but the thought of angry customers complaining to me that their
emails "won't send" sounds a lot better than letting customers send
emails knowing that Baysian filters are going to gobble them.  You've
got to one day switch softfail off anyhow, at which time you're going
to get the "my email won't send" complaints, so I can't see any excuse
for using Softfail at all.

Mostly, the forwarding problem -- give the forwarders a chance to
implement some sort of RPR, and receivers, whitelists.

Also, it's an effort thing: if we flipped all the switches all the way
at once, it makes a spike in the workload. 

There's only so much you can do for Bayesian filters. They're always
going to second-guess you.

SPF is for rejecting forged emails.  It's built specifically to let
senders know when emails don't go through, by rejecting before DATA.
Trying to use it any other way multiplies false-positive problems
dangerously (more legit emails get trashed, and no senders know this
occurred).

That's a problem, but one that SPF makes no worse. I think that a slow
migration is good, and if SPF and reputation services are effective, we
may see Bayesian filtering go away.

Ari


<Prev in Thread] Current Thread [Next in Thread>