spf-discuss

RE: Some thoughts about spam and SPF

2004-08-23 11:00:54
You said:
"That way, there are no additional MTA's listed with "?"."

Some of us must use the ISP's mail servers.  My IP address is blacklisted
because it is using DHCP.  I had been doing my own email for years, until
dnsbl.sorbs.net (and others) blacklisted my IP address.  I wonder if a
"cease and desist" letter would help?

So, for comcast.net users at least, you are daydreaming.

Oh, back to DHCP.  My IP address does not get changed very often, maybe once
a year.  If comcast did DHCP correctly, it would never change.  The last
time was related to a power failure caused by a large storm in my area.
Since I am able to re-boot and keep my IP address, I assume the power
failure affected comcast's DHCP server.

Now if MTA's would ignore dnsbl.sorbs.net when SPF records validate a
domain, I would be able to stop using the comcast servers.

Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Seth Goodman
Sent: Monday, August 23, 2004 12:01 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Some thoughts about spam and SPF

From: Meng Weng Wong
Sent: Friday, August 20, 2004 9:20 PM


On Thu, Aug 19, 2004 at 10:32:28PM -0400, Scott Kitterman wrote:
| OK.  If I sign up and want to send e-mail from my domain, how do you
| determine if I'm an authorized user of that domain?  What prevents your
| other customers from forging my domain?  SMTP Auth says that I'm a customer
| of yours.  It doesn't, in and of itself, say what domains I'm authorized
| to send mail from.

consider pre-emptive SPF checks on outgoing mail :)

I was interested in the same thing a while back, but I don't think SPF
has quite the semantics necessary.  A domain owner can publish a record
saying that, in addition to their own MTA, legitimate mail can come from
JoesISP.net.  However, it doesn't give JoesISP a clue as to which of his
users is permitted to use what address at the foreign domain.  This is
why you run into a quandary when trying to set an ISP as secondary mail
source for the convenience of some employees:  anyone at that ISP can
then use any address at your domain.  You are forced to use "?" in the
record, which in the long run means a lower grade of delivery.

What would be really nice for ISP's is if the domain owner could somehow
publish what user at a given ISP could use what address at his domain.
Then the domain owner could put a "+" in front of that record and the
ISP would have a zero-administration method of forgery prevention.  Of
course, the real answer is for the domain owner to provide SMTP AUTH and
use the ISP for connectivity plus personal mail services.  That way,
there are no additional MTA's listed with "?".  If enough MTA's provided
SMTP AUTH access, maybe, just maybe, ISP's could be convinced that their
customers sending out mail as anything but user(_at_)ISP(_dot_)net constitutes a
forgery.  Sorry, I must have been daydreaming.

--

Seth Goodman
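
Added example, not part of the original thread: a minimal Python evaluator for SPF records limited to the `ip4` and `all` mechanisms, showing the "?" versus "+" trade-off for an ISP relay described above and the DNSBL override proposed in the reply. All addresses and records are constructed, and the `accept` policy is a hypothetical receiver rule, not any MTA's actual behaviour.

```python
import ipaddress

# SPF qualifier characters and the result each yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data (documentation address ranges).
OWN_MTA = "192.0.2.10"        # the domain owner's own MTA
ISP_RELAY = "198.51.100.25"   # ISP smarthost shared by every customer of the ISP
DYNAMIC_IP = "203.0.113.77"   # DHCP address that a DNSBL lists as dynamic
NEUTRAL_ISP = "v=spf1 ip4:192.0.2.10 ?ip4:198.51.100.0/24 -all"
PLUS_ISP = "v=spf1 ip4:192.0.2.10 +ip4:198.51.100.0/24 -all"
SELF_HOSTED = "v=spf1 ip4:203.0.113.77 -all"

def check_spf(record, client_ip):
    """Evaluate a record left to right; only ip4 and all are handled here.

    The inputs are the domain's record and the connecting IP. The local part
    of the sender address is not an input, so a record cannot say which
    customer of the ISP may use which address at the domain.
    """
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                       # default when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if not term.startswith("ip4:"):
            return "permerror"                # mechanism outside this sketch
        if ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"                          # nothing matched and no "all"

def accept(spf_result, dnsbl_listed):
    """Hypothetical receiver rule: a DNSBL listing is ignored only on SPF pass."""
    if spf_result == "fail":
        return False
    return spf_result == "pass" or not dnsbl_listed

if __name__ == "__main__":
    for name, rec, ip, listed in [
        ("ISP relay, '?' record", NEUTRAL_ISP, ISP_RELAY, False),
        ("ISP relay, '+' record", PLUS_ISP, ISP_RELAY, False),
        ("own DHCP address, listed", SELF_HOSTED, DYNAMIC_IP, True),
        ("unlisted source, '?' record", NEUTRAL_ISP, DYNAMIC_IP, True),
    ]:
        result = check_spf(rec, ip)
        print(f"{name}: spf={result} accepted={accept(result, listed)}")
```

With the "+" record every message relayed through the ISP range passes, whichever customer sent it, which is why the thread falls back to "?" for a shared relay.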
