spf-discuss

Re: Achilles heel of SPF

2005-06-22 11:07:00
...... Original Message .......
On Wed, 22 Jun 2005 13:24:48 -0400 (EDT) "Stuart D. Gathman" 
<stuart(_at_)bmsi(_dot_)com> wrote:
While the actions of Microsoft are morally wrong, they expose the Achilles
heel of SPF classic:  The system depends on receivers correctly
interpreting the published SPF records.  The Microsoft deployment is in
essence a very broken SPF checker that seems to be confused about which 
identity is being checked (and it wouldn't surprise me if it has other 
serious problems as well).  

When any receiver checks SPF incorrectly, whether it is using the wrong
identity à la Microsoft, or failing to account for forwarders like so many
others, a sender is often forced to resort to tweaking his SPF record if
he needs to get mail to the broken recipient.  (Although in the case of 
broken forwarding he can usually get the target email from the DSN and use 
that instead.)

If it is a small company, you can usually call them on the phone and 
explain the problem, and they will fix it.  In the case of Microsoft, the 
error is intentional and malevolent - a phone call is useless.  Are there 
enough people prepared to write off hotmail.com as a viable rcpt to?  Or 
has MS just slain Achilles?  

Actually, if enough people contact hotmail support every time their broken 
implementation causes a problem, it might eventually have an effect.

-- 

It would be interesting to know if they make any use of exp strings.  That 
might be another way to deal with the issue.

Scott K
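
An added example, not part of the original messages, of the two receiver errors discussed in this thread: checking the wrong identity and failing to account for forwarders. It is a minimal evaluator that handles only the ip4 and all mechanisms, run over constructed records; the domains author.example and list.example, the addresses, the function names and the trusted_forwarders parameter are all assumptions for illustration.

```python
import ipaddress

# Constructed SPF records (documentation domains and address ranges).
SPF_RECORDS = {
    "author.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "list.example": "v=spf1 ip4:192.0.2.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain):
    """Evaluate a record limited to ip4 and all mechanisms (a subset of SPF)."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:]):
            return QUALIFIERS[qualifier]
    return "neutral"


def domain_of(address):
    return address.rsplit("@", 1)[1].lower()


def receiver_verdicts(client_ip, mail_from, header_from, trusted_forwarders=()):
    """Compare a correct SPF classic check with two broken receiver behaviours."""
    envelope = check_host(client_ip, domain_of(mail_from))
    return {
        # SPF classic: the envelope sender (MAIL FROM) is the checked identity.
        "mail_from": envelope,
        # Broken: the connecting IP tested against the header From domain's record.
        "header_from": check_host(client_ip, domain_of(header_from)),
        # Forwarder-aware: skip the check for relays the recipient set up.
        "forwarder_aware": "skipped" if client_ip in trusted_forwarders else envelope,
    }


# Mailing list: list host 192.0.2.10 sends with its own bounce address.
LIST_CASE = receiver_verdicts("192.0.2.10", "bounces@list.example", "alice@author.example")
# Forwarder 203.0.113.5 relays the author's mail with MAIL FROM unchanged.
FORWARD_CASE = receiver_verdicts("203.0.113.5", "alice@author.example",
                                 "alice@author.example", trusted_forwarders={"203.0.113.5"})
```

In the list case the correct MAIL FROM check passes while the header From check fails, even though both published records are accurate; in the forwarding case only a receiver that knows its own forwarder avoids the fail.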

