spf-discuss
[Top] [All Lists]

RE: Some thoughts about spam and SPF

2004-08-25 10:26:42
At 09:02 AM 8/25/2004 -0500, rgreene(_at_)tclme(_dot_)org wrote:
AccuSpam said:

Do you see AOL or Earthlink, which both have SPF records, actively
preparing their users for SMTP authentication?

No cost analysis from me.  I'm just a small ISP.  For AOL its easy: AOL
10.0

Has any one confirmed this with them?


I presented this poorly.


Not poor at all.  I got your point.


 I was speaking hypothetically rather than
factual.  AOL has a history of inundating *my* mailbox with various
versions of their wares.  It would seem to be a simple solution for them
to add a smtp auth aware client with a migration script to these
distributions.  Earthlink has provided installation software for new
clients as well.  I dunno about clients left over from the dark ages. 
Most of them are probably savvy enough to not want the portal services.


It is easy for us to say that it is easy for a big ISP to flip a few switches, 
because we don't have to do it.  We don't have to pay for the tech support to 
the hold the hand of million grammas who can keeps clicking the IE icon instead 
of the Accept button of license for install new version.

That is why I propose we add an optional probability number between 0 and 1 to 
"all", so an ISP that can not get 100% compliance immediately, and is not 
willing to risk false positives with "~all" does not have to a neutral (and 
thus less useful) result of "?all".

A possible syntax could be for example "-all0.9993", which would mean that the 
chance of non-forgery is 7 in 10,000.


We don't have many dialup customers left.  Those would be a slam dunk to
service because we know their entry point.  Most of our customers come in
by broadband and we have been using various methods of authentication for
a long time.  Our major targets are businesses.  For them, we either
co-locate a smtp server or provide a web interface and then it doesn't
matter where they are.  As long as we keep it on fast hardware, they seem
happy.  It fits our business model and if they don't like it, depending on
the size of the client, we can either adapt or guide them to another
provider.  We are not and have never been a one-size-fits-all solution. 
We don't seek every opportunity but rather clients who we feel we can
service adequately while maintaining a decent profit level.  I've never
lost money on a job I didn't do.


But perhaps big ISPs do not have the luxury of being niche players and refusing 
gramma.


Occasionally, we do have a PITA client and when those occur, we don't
waste time with them.  The clients who complain the most have always been
the people with the discount accounts anyway.


The rule I was taught, is that for every 1 who complains, there are 100 more 
who did not bother to complain and just left your business.