-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Jon Bertrand
Sent: Wednesday, October 06, 2004 5:10 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Extreme times call for extreme measures?
In the course of doing business with "Company X" we received
a bounce saying they no longer accept mail from us. Digging
deeper brought this fairly extreme response:
[quote]
Company X has implemented a number of anti-spam measures that
require adherence to standards and best practices with regards to the
sending server and message content.
One of the measures is to block direct-MX connections from dsl, cable
and dial-up networks. In your case, the reverse DNS entry for your
server's IP address is "h-66-166-42-108.dnvtco56.covad.net". We block
all connections from ".covad.net". This does not affect the normal
Covad mail servers.
There are a couple easy solutions to this blocking. The first is to
relay through your ISP's server. If your server is connected with a
Static IP address, your ISP may be willing to update the reverse DNS
entry for that IP to specify that it is your mail server. The second
solution is ideal, but not always available.
If you have any other questions, please do not hesitate to contact an
administrator via email at emailhelp(_at_)udlp(_dot_)com(_dot_) That address
is not subject to the blocking.
[/quote]
My initial reaction was
1) SPF + Reputation Based System beats "just shut off all DSL."
Sure, when:
1) SPF is well deployed
2) a good reputation system exists
2) Relay - no way, it just complicates things
Why? Other than the possibility of:
1) you are sending large files via email (ugh!) that your ISP refuses to relay
2) you are sending large volumes of email and your ISP starts to refuse your
excessive transmissions
(you're not going to admit to doing that on this list, are you... :)
There is no legit reason AFAICT for not relaying through your ISP. If (1) or
(2) is true, you probably need a more commercial, dedicated connection anyway.
3) Change the DNS - wow, is this a common thing to do?
So, is this a common thing? Is this idea gaining ground?
It is "the right thing" to do, and is quite common, probably the norm. You can
verify that for yourself: go through your log files, grab a few dozen mail
server IPs that have connected to you.
For each IP do:
nslookup x.y.z.x
Which will return the reverse DNS name for the IP. Note that the reverse DNS
name may not match the sender domain to send the email for (if the mail server
hosts multiple domains and does not change its HELO/EHLO statement depending on
the domain it is "purporting" to be :)
But the point is, the reverse DNS name is probably not a dynamic allocation
indicator.
In a world with spf1 what's a good response to this?
I will get my ISP to do a reverse DNS for my domain for the static IP that is
my mail server.
OR
I will set my dynamic IP mail server to relay through my ISP's mail server
since I am probably required to do so by my ISP's AUP anyway. :)
Got SPF - anybody got a good reputation based system?
With the possible exception of the upcoming GOSSIP system, that may be an
oxymoron. (good != reputation system)
Jon B.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in
Atlanta features SPF and Sender ID.
To unsubscribe, change your address, or temporarily
deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
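The log survey suggested in the message above (look up the PTR name for each connecting IP and see whether it looks like a dynamic-allocation name), as an added example that is not part of the original thread. The sample pairs are constructed except for the one quoted in the bounce notice; the keyword set and the "embeds its own IP" heuristic are assumptions of this example, not Company X's actual rule.

```python
import ipaddress
import re
import socket
from collections import Counter

# Access-type words named in the quoted notice ("dsl, cable and dial-up");
# treating them as hostname label keywords is an assumption of this example.
ACCESS_WORDS = {"dsl", "cable", "dial", "dialup"}

# Constructed sample of (connecting IP, PTR name) pairs. The first pair is the
# one quoted in the thread; the rest use documentation address ranges.
SAMPLE = [
    ("66.166.42.108", "h-66-166-42-108.dnvtco56.covad.net"),
    ("192.0.2.25", "mail.example.com"),
    ("198.51.100.7", "7.100.51.198.dsl.example.net"),
    ("203.0.113.9", "host-cb007109.cable.example.org"),
    ("192.0.2.80", None),  # no reverse DNS entry at all
]

def lookup_ptr(ip):
    """Live equivalent of `nslookup <ip>`; returns None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def embeds_ip(ip, ptr):
    """True if the PTR name contains the IP's octets (forward, reversed or hex)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    name = ptr.lower().rstrip(".")
    nums = [str(int(n)) for n in re.findall(r"\d+", name)]
    for order in (octets, octets[::-1]):
        if any(nums[i:i + 4] == order for i in range(len(nums) - 3)):
            return True
    return "".join(f"{int(o):02x}" for o in octets) in name

def classify(ip, ptr):
    """Return 'no-ptr', 'generic' (provider-assigned look) or 'named'."""
    if not ptr:
        return "no-ptr"
    name = ptr.lower().rstrip(".")
    labels = re.split(r"[.-]", name)
    if embeds_ip(ip, name) or any(re.sub(r"\d", "", l) in ACCESS_WORDS for l in labels):
        return "generic"
    return "named"

def survey(pairs):
    """Tally classifications for (ip, ptr) pairs pulled from mail logs."""
    return Counter(classify(ip, ptr) for ip, ptr in pairs)

if __name__ == "__main__":
    for ip, ptr in SAMPLE:
        print(f"{ip:15} {str(ptr):40} {classify(ip, ptr)}")
```

To run it against real logs, build the pairs with `lookup_ptr(ip)` for each connecting address instead of using `SAMPLE`.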