spf-discuss

Re: Opening Debate on SPF vs. SenderKeys

2004-08-20 20:36:20

Well good thing you are not the CEO of a major consumer ISP such as AOL or 
Earthlink.  You would quickly stand down from that stance when you lose 5% 
of your customers in short time.  Money talks, bravado walks...
 

AFAIK, AOL only supports sending mail through their servers, with their 
software.  Most AOL users are not technically advanced enough to try to 
get more creative than that, anyhow.


Ironically AccuSpam counts on that also for AOL :)

We changed AOL to "-all" in our interpretation of reverse dns :)

But that can only stay that way as long as our users do not complain about 
losing AOL e-mail.

My point is what the customer wants always wins in economics.  supply == demand

What you think is best does not matter if the customers have a different 
perspective.

Even for me as technically savvy, if you think I can declare "-all" on 
accuspam.com and smoothly glide over various ISPs all over the world and never 
have a glitch accessing an "approved" mail server, then I must ask if you are 
an engineer with any real-world experience?

It is not only the ability to remotely connect to SMTP using AUTH (many times I 
can not do SSH or SFTP and often it is temporal), it is also the need and the 
knowledge to know to do DNS edits (and wait for caches to update) if you want 
to use for example hotmail to send your email when you are on vacation because 
you do not have your computer with you (assuming all people do not have perfect 
forethought).  Then if you do not control the DNS for your domain, then you 
have no option.  The ISP could provide webmail, but then what happens when the 
customer can not reach that website (because it is down), or if the customer 
was long time ago more familiar with hotmail, and wants to find an emergency 
solution or prefers the more familiar webmail?

You just do not go around deleting your customers outgoing email and think you 
can be successful.  Even apparently AOL understands that, as they have not 
enabled "-all" in their SPF record.

But the most common violation for ISP users will probably remain inputting the 
email address in a forwarding web form (not full fledged MUA but just sending 
script), which both SPF "-all" and SenderKeys can not address.


 Some ISPs are also starting to 
block sending mail with other domain names through their servers, so 
eventually you may not have a choice.


The minute earthlink.net does that is the day I cancel them.

And so will follow a significant chunk of their usership.  Given that 
earthlink.net sells personal domains, they can not do that.


 Ameritech currently lets me fake 
any domain name I want through their server as long as I'm on their IP 
block, but I don't expect that to last.

I expect that to last a long time.

The forgery from inside the local network is much less a problem than forgery 
from outside the local network.  Blocking port 25 solved most of the problem, 
then they just rate limit port 25 over their relay.

Thanks,
Shelby

