spf-discuss
[Top] [All Lists]

Re: Unified SPF works in progress now in alpha

2004-07-06 07:54:46
Seth Goodman wrote:

I don't see why we should help anyone sending mail from a
dynamic IP.  _Most_ people on dynamic IP's are not capable
of running MTA's.

This "most" doesn't include users with a reliable MX (static
IP), and a say DynDNS domain with "v=spf1 +a +mx -all" policy.

That's not the typical trojaned zombie setup, and in theory
it could work.  In practice there are some problems, but that
has nothing to do with classic SPF.  I'm not sure about the
"united SPF" beast including some kind of MTAMARK.

without accreditation and reputation services, we can't tell
this guy/gal from a spammer.

If the IP matches "-all" you can trust that this is a spammer
or Murphy, and in both cases it isn't your problem, reject the
mail.

We certainly shouldn't provide a mechanism that trumps the
ISP's AUP.

Where do you see this in the "united" texts ?

It's their netblock, after all, and they're responsible for
its use.

In theory.  But in practice we have comcast.blackholes.us :-(
The *nix users are IMHO not responsible for this mess, they
are innocent bystanders.

This could easily mean real money paid to large companies,
which is not what SPF is about.

Yes.  TINSTAAFL, you don't get a reliable MX and a domain with
SPF and dynamic IP for free.  If spammers abuse this kind of
setup, then that's something you can't solve with classic SPF:

There's no "I don't like this name server" function.  You could
use MTAMARK or the corresponding part of the new "united SPF" to
block all dynamic IPs of ISPs supporting one of these schemes.

                         Bye, Frank