Re: Opening Debate on SPF vs. SenderKeys

AccuSpam wrote:

> > hmmm. i don't know about everyone else, but 100% of my users use SMTP 
> > AUTH if they want to send email out.
> >    
>
> How do you verify that?
>
> How can you know they do not input their email address else where?
>
>  
hmmm, that wasn't my point. if somebody wants to send an email to a 
domain _not_ on my system, then they have to authenticate. If they want 
to send email out of something else, that is 1) their perrogative and 2) 
their own worry.
I think the thing is, I am not going to automatically go in there and 
set up SPF for my customers so they can't send email from anywhere else. 
It is when they call complaining about getting 1,000 NDRs each day I 
will explain to them 1) what is going on and 2) what can be done.
If SPF become formally accepted and is mainstream enough, I would likely 
make a decision to inform all my customers about that.
The thing is, I am not a big ISP that offers $3.00 hosting with 600 GB 
of monthly bandwidth. I will never even try to compete with that. I 
never aim to be McDougle's or Fall*Nart. I build servers, databases, 
take the ether and wrap it around a shell to make X work. I am the kind 
of guy that will stay up three days straight to figure out how to make 
something work. Hosting sites and email covers expenses and supplements 
income for me. 

> One thing all ISPs could do to help is do SPF before sending as Meng suggested 
> today.  Then you change a potential silent delete into a send fail.  I found 
> that to be a good idea, if every SMTP would implement, then that could be a 
> good way to stop the unpermitted sending, but will customers like it if they 
> can not send email the way that is easiest for them?  Too many send failures 
> might lead to a lost customer.
>
>  
I don't provide dial up / dsl / etc. i wouldn't even try to take the 
time to set that up.
> Perhaps you can hope to know by complaints of lost sent email if you enabled "-all"?, but 
> when did senders complain to their own ISP, they complain to the receiver....and  if you only have 
> 50 users and "for every 1 complaint there are 100 more who did not complain", then how 
> would you know statistical ly?
>
> And what sort of ISP is this?  What demographics?
>
>
>  
i run about 900 domains. i am just small potatoes, and i only try to 
make things better "on average" as best I can. if somebody complains, i 
give it personal attention and make it happen.

> > When you set up an account, you 
> > just tell them what to do.
> >    
>
> Tell me what to do with my Eudora 4?
>
> Upgrade first correct?
>
>
>  
I would go look it up on google and give you instructions. if Eudora 4 
doesn't support SMTP AUTH then yes, you would have to upgrade. If that 
just won't happen then I would make a special case "X". The only 
odd-ball client (i used eudora back in the day, but i don't personally 
know anyone that uses that) i know about recently (like past couple of 
years) was a Pegasus user. But i think they switched to OE (i am not a 
fan of OE)
Not cutting on Eudora or Pegasus, I just don't know of anyone using that 
software anymore.
> > About the greeting card. I agree, I haven't had any luck deciding what 
> > looks like spam or not. People complain when they get spam, and they 
> > complain when they don't get spam, IMHO.
> >    
>
> AccuSpam knows a little bit more (than what you could gleem for content 
> analysis), because it correlates not only votes on domains, but correlates how 
> much users agree on the recipient user's votes.
>
>
>  
I disagree with that line of thinking. Unless you only have customers 
that are Republican Methodists or Methodist Republicans would that work 
well. Unless maybe if you have 10 million users. I have never been a 
Methodist, but was a Republican until 2004, about 16 years I suppose. 
Right now I am just hopeful that someone with Integrity and 
consideration for humankind takes a go at things.
> > APOP was back in the gay nineties.
> >    
> I have not even graduated to POP over SSL yet.
>
> Maybe this forum needs to collect some stats on the internet before it blindly advises 
> "solutions"
>
>
>  
hmmmm. I don't recommend that anyone use POP. I get too many customers 
that think they can store all their email in their Inbox at work with 
"save on server" so they can get it at home. And that is like playing 
Email Jenga. One day you get in the office and are receiving 2500 
messages because the hottest email client on the market loses it's mind.
Take care

Waitman