Well good thing you are not the CEO of a major consumer ISP such as AOL or
Earthlink. You would quickly stand down from that stance when you lose 5%
of your customers in short time. Money talks, bravado walks...
AFAIK, AOL only supports sending mail through their servers, with their
software. Most AOL users are not technically advanced enough to try to
get more creative than that, anyhow.
Ironically AccuSpam counts on that also for AOL :)
We changed AOL to "-all" in our interpretation of reverse dns :)
But that can only stay that way as long as our users do not complain about
losing AOL e-mail.
My point is what the customer wants always wins in economics. supply == demand
What you think is best does not matter if the customers have a different
perspective.
Even for me as technically savvy, if you think I can declare "-all" on
accuspam.com and smoothly glide over various ISPs all over the world and never
have a glitch accessing an "approved" mail server, then I must ask if you are
engineer with any real-world experience?
It is not only the ability to remotely connect to SMTP using AUTH (many times I
can not do SSH or SFTP and often it is temporal), it is also the need and the
knowledge to know to do DNS edits (and wait for caches to update) if you want
to use for example hotmail to send your email when you are on vacation because
you do not have your computer with you (assuming all people do not have perfect
forethought). Then if you do not control the DNS for your domain, then you
have no option. The ISP could provide webmail, but then what happens when the
customer can not reach that website (because it is down), or if the customer
was long time ago more familiar with hotmail, and wants to find an emergency
solution or prefers the more familiar webmail?
You just do not go around deleting your customers outgoing email and think you
can be successful. Even apparently AOL understands that, as they have not
enabled "-all" in their SPF record.
But the most common voilation for ISP users will probably remain inputting the
email address in a forwarding web form (not full fledged MUA but just sending
script), which both SPF "-all" and SenderKeys can not address
Some ISPs are also starting to
block sending mail with other domain names through their servers, so
eventually you may not have a choice.
The minute earthlink.net does that is the day I cancel them.
And so will follow a significant chunk of their usership. Given that
earthlink.net sells personal domains, they can not do that.
Ameritech currently lets me fake
any domain name I want through their server as long as I'm on their IP
block, but I don't expect that to last.
I expect that to last a long time.
The forgery from inside the local network is much less a problem than forgery
from outside the local network. Blocking port 25 solved most of the problem,
then they just rate limit port 25 over their relay.
Thanks,
Shelby