spf-discuss

Re: SPF in a Shared Hosting Environment (non-ISP) -> "Whitelisting only" records

2004-08-03 05:50:22
Hi

Well, this is problematic. How should a customer find out which servers
might be used by his isp for outbound smtp? He really should call them, and
ask. And even then, what if the isp decides to reconfigure its outgoing
smtp server farm? Without the isp providing spf records of its own,
there's no way to know for sure & keep up with changes. Even then, allowing
the isp's smtp servers allows all customers of that isp to forge mail from
the domain in question.

True, but this is a problem inherent to SPF. All customers on the same server 
could be legitimately using each other's domain names. And if we additionally 
validate another Swiss ISP's outbound smtp and someone would be abusing this
we would at least be able to trace back the victim(s). Impossible if we had
to trace back someone to China or Taiwan.

I am convinced it would be possible to raise the awareness of SPF among Swiss
ISPs. And if they don't publish SPF records, our customers won't be able to 
enable them in their control panel. As easy as that.

It would be nice if you could convince your customers that it really _is_
necessary to send mail through your smtp server, but I realize this is
nearly impossible.

It is impossible. Customers want the freedom of choice. Anyway, enabling SPF 
to fail "-all" is an option the customer would have to explicitly agree upon. 

do I understand this correctly that this will allow mails to originate
from all servers listed as MX in example.net (that's the intended
whitelisting) and do nothing if it originates from another server?

Yes.

Good! Our mission is to get .ch on position #1 in this graph:

  http://spftools.infinitepenguins.net/register.php

:)

If you are going to deploy spf for your customers, you should have a
thorough knowledge of how spf works and what its implications are (eg. get
into the forwarding issues).

I've looked into SRS. This will require some patching :)

-- 
Kind Regards

Daniel Lorch 
System administration

Hostpoint GmbH        | The Data Residence    |
Zürcherstrasse 2      | 8640 Rapperswil       | Schweiz

Tel  +41 55 220 0404  | Fax  +41 55 220 0409  | www.hostpoint.ch
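
Added example, not part of the original message: a reduced SPF evaluator (only `mx:` and `all` terms) that contrasts a "whitelisting only" record with a `-all` record and shows the shared-relay effect raised in the thread. The record strings, the `isp.example` domain and all addresses are constructed assumptions; the message itself does not quote a record.

```python
import ipaddress

# Constructed stand-in for DNS: MX hosts of each domain, already resolved.
# Addresses come from the RFC 5737 documentation ranges, not real servers.
MX_ADDRS = {
    "example.net": ["192.0.2.10", "192.0.2.11"],  # hoster's own mail servers
    "isp.example": ["198.51.100.0/28"],           # hypothetical ISP relay farm
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Assumed record shapes for the three cases discussed in the thread.
WHITELIST_ONLY = "v=spf1 mx:example.net ?all"
STRICT = "v=spf1 mx:example.net -all"
WITH_ISP = "v=spf1 mx:example.net mx:isp.example -all"


def check_spf(record, client_ip):
    """Evaluate a reduced SPF record for the connecting client address."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name != "mx":
            return "permerror"  # mechanism outside this reduced subset
        nets = MX_ADDRS.get(arg, [])
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return RESULTS[qualifier]  # first matching term decides
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for label, rec in [("whitelist", WHITELIST_ONLY), ("strict", STRICT),
                       ("with ISP", WITH_ISP)]:
        for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
            print(f"{label:10} {ip:14} {check_spf(rec, ip)}")
```

With `WITH_ISP`, every address in the relay range passes, so the result cannot tell one customer of that ISP from another; that is the forgery exposure described in the first quoted paragraph.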