On Wed, 25 May 2005, John Glube wrote:
I travel a lot and use my laptop while on the road,
connecting through my wireless connection. Should this not
be possible, I want to be able to use any machine that is
available at the time, along with any Internet connection
to send email through my server.
Delivery of my personal, business and transactional email
is mission critical. I can't afford to have this kind of
email go missing because of a problem with mail forwarding
and SPF.
Would you advise this individual to publish a closed or
open SPF record, given the present state of the email
infrastructure?
Closed. This is especially important given the critical nature
of your business email. It must not be forged. In fact, they should
jump on rfc2822 forgery protection as well when it settles down,
since phishing attacks will be bad for your business.
When travelling with laptops, my customers use either openvpn (available
for Windows as well as OSX and Linux http://openvpn.net), or SMTP AUTH. When
a laptop is not available, they use webmail. We currently install squirrelmail
(http://www.squirrelmail.org/) on a dmz separate from their mail server.
It would run just as well on the same physical server as imap and sendmail,
I am just paranoid. The squirrelmail install has no state other than
configuration (all state is on the MTA/imap server). So it uses
a $400 Dell server. If it breaks, load the tape on a replacement while
sending in the broken server for the cheap maintenance plan.
It really is *not* hard to secure your mail infrastructure. It just
requires dropping the "but we never did it that way before" attitude.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.