In <427D019F(_dot_)6040100(_at_)ohmi(_dot_)org> Radu Hociung
<radu(_dot_)spf(_at_)ohmi(_dot_)org> writes:
Wayne, since I seem to be blacklisted from your domain, I have to send
this piece publicly.
Hi.
Sorry about that. Back on April 3rd (according to the timestamp of
the file), I received a flood of challenge-response emails from you
in a very short time. Putting you into the local blacklist was the
quickest way I could think of to prevent my inbox from filling up. I
confess that after I blocked you, I went off to do other things and
never remembered to check to see when, if ever, the flood stopped.
I have removed you from the local block list, but please make sure
that I never receive any challenge-response messages again. I have no
idea why I received so many since I have never sent you
person-to-person email.
(OFF-LIST)
Thanks for providing this service and allowing me to use it.
I will no longer be using it, because many of the senders you list
publish their own SPF records now. Certainly the ones I care about do.
Also I would like to point out that your list is outdated, as some of
the SPF policies published by those domains are in conflict with your list.
For instance, you list some "trusted" hosts for amazon that Amazon
themselves do not authorize. Perhaps they did once, but if they no
longer have those IP addresses, or at least no longer use them.
Many larger organizations use different MTAs for different things.
For example, some MTAs may only send order information, others may
only send mailing lists, while others may send person-to-person
email. Neither SPF records, nor entries in the T-FWL are designed to
list all known MTAs that a company/domain may have.
SPF records list IP address of MTAs that send email using the domain's
name in the MAIL FROM/HELO.
T-FWL entries list IP address of MTAs that send email using other
domain names in the MAIL FROM/HELO.
In the case of companies like Amazon.com, I'm not too surprised that
these may not overlap.
The trust problem is that those IP blocks may be reassigned to other
entities, and based on the wide use of trusted-forwarder.org, they will
be able to get mail through as they are 'trusted' by default.
Yes, true, IP blocks may be reassigned. I have scripts that verifies
that stuff listed in the T-FWL isn't listed in any of the major
blacklists, so even if they were re-assigned to a spammer, I would
catch them eventually. (There are a few exceptions about being listed
in blacklists. For example, spews tends to be a good "early warning
system", but often lists overly broad blocks.)
Adding a check to see if the whois data for the domains/IP addresses
have changed is a good idea. Thanks, I will add that.
I sent this message privately as I don't wish to dilute the reputation
of trusted-forwarder in public, since you provided this service in good
faith. :)
Feel free to start a better T-FWL. Competition is good. ;-)
-wayne