-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of John
Hinton
Sent: Thursday, June 09, 2005 10:19 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] This is ridiculous.
Scott Kitterman wrote:
snip
* Please read the concerns raised by the head of anti-abuse
at Outblaze on Circle ID and the related references.
http://www.circleid.com/article/1039_0_1_0_C/
Finally, ask yourself this question.
The head of anti-abuse at Outblaze, wrote a report for the
OECD setting out "Actions Required by Developing Economies
Against Spam." http://www.circleid.com/article/1095_0_1_0_C/
snip
"And the implication of publishing SPF records absolutely forces people to
rely only on their email provider's mailserver assuming the restrictive -
all SPF record..."
I've got mechanisms in my SPF record for three different mail service
providers in my SPF record (including one mail server sitting in
my office).
How did my publishing SPF force me to do anything?
Do you understand this?
Scott K
As a hosting provider, SPF is not going to be fun. We have users who use
only their ISP for email, we have users with aliases to their ISP, we
have users with POP accounts for incoming and we have users with POP
accounts using us for both incoming and outgoing. And then there is
webmail... yes, some only use webmail. :)
Yes, but by publishing the SPF records that described your mail sending
infrastructure and giving your customers that information, you put them in a
position to help themselves.
Almost all of these clients are businesses and it seems like perhaps as
many as 75% can't even set up an email account in their mail client and
don't want to be bothered with learning that simple task.
Yes, I understand, see below.
Now, they are very upset and in panic mode if their email does not work,
as many of our clients receive 80% or more of their business from the
internet. So, it is easy to sit back and say "learn about email", but
they don't. They just call to be walked through the simple settings
again and again.
Ouch.
As we impliment SPF, I'm going to need to go through each clients
individual setup and very slowly add SPF records to those which we can.
This is good. At least one DNS provider/domain host/registrar
published -all SPF records for all their customers without telling them -
See the note for Mydomain.com here:
http://www.kitterman.com/spf/txt.html
I have one question. How am I supposed to convey to our 'average' user
which sends through their ISP using their domainname as the from
address, that we need the mailserver info from their ISP? Or have their
ISP add records for their domain? Whew!! Gee, I just got a little
confused myself!
I think you bring the domain owners along that you can and then don't worry
so much about the rest. SPF is meant to be a tool of the domain owner and
if they don't want to play, that's too bad I think.
ISPs still don't 'get it' with regards to rev DNS! Gee.... this is going
to be a LONG uphill battle. One I'm willing and happy to undertake....
but email is never going to be the same again.
John Hinton
Yes, but if we don't fix something, then e-mail is going to be pretty
useless.
Ugh.
I first found out about SPF from my domain host/registrar last year:
http://www.pair.com/insider/april2004.html#pairnic
For me, that was all it took. For others, no amount of handholding will do.
Since I do a lot of work on spf-help and responding to submissions to the
spf.pobox.com site, I truly undertstand the technical level you are dealing
with here.
The bottom line, I think, is that the comment that I posted is bunk. It's
not true. What is true is that SPF is not packaged for the masses. If you
want to use it, you need to spend a little time understanding it.
Scott K