-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Paul
Howarth
Sent: Thursday, August 19, 2004 3:24 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Some thoughts about spam and SPF
On Thu, 2004-08-19 at 07:09, Graham Murray wrote:
Scott Kitterman writes:
I use (among others) Verizon DSL as an SMTP service. Since
they use SMTP
Auth, I can use them even when I'm not connected through
their network.
Because of the way SMTP Auth is set up for Verizon DSL, and
Verizon DSL
customer can claim to be sending from any domain. As a
result, to protect
myself from cross-customer forgery (which might result in you
blacklisting
me), I have ?include:verizon.net in my SPF record.
Which is bad. If they use SMTP AUTH then they should have a separate
AUTH user for each domain which would prevent cross-customer forgery.
I'm sure each customer does have a separate AUTH account, just that
there's no association between AUTH accounts and sending domains.
Setting up and maintaining such associations is definitely a non-trivial
exercise, but necessary really if people want to use a "+" mechanism
rather than a "?" mechanism for the shared server.
Paul.
--
Yes, that's it exactly. I am interested in finding an SMTP provider that
will do that.
Scott Kitterman