spf-discuss
[Top] [All Lists]

Re: DM News says: MSN requires Sender ID Authentication

2005-06-24 15:36:07
--On Freitag, Juni 24, 2005 15:08:21 -0400 Hector Santos <spf-discuss(_at_)winserver(_dot_)com> wrote:


From: "Ralf Doeblitz" <list+spf-discuss(_at_)doeblitz(_dot_)net>

Second,  this was relaxed with RFC 2822, the current
standard, by removing the To: requirement:

0822 Standard for the format of ARPA Internet text messages. D.
     Crocker. Aug-13-1982. (Format: TXT=109200 bytes) (Obsoletes RFC0733)
     (Obsoleted by RFC2822) (Updated by RFC1123, RFC1138, RFC1148,
     RFC1327, RFC2156) (Also STD0011) (Status: STANDARD)

2822 Internet Message Format. P. Resnick, Ed.. April 2001. (Format:
     TXT=110695 bytes) (Obsoletes RFC0822) (Status: PROPOSED STANDARD)

Not sure why you posted this?

Because RFC822 *is* the current standard while RFC2822 ist just a proposed standard that will replace RFC822 sometime.

[...]
If you were writing a SMTP system today, which would you use?

Adherence to RFC822 with provisions for extensions of RFC2822 and easy switchover.

[...]
hmmm I see you wrote RFC 822.   What about RFC 2822?   Don't you think you
will have 2822 based mail sent to you?  I think you will have alot of
false positives with a strict RFC822.

I don't think so. AFAICS people mainly tend to fall into two categories: the Microsofties who even use unencoded 8bit characters in the mail headers and the Conservatives that will comply with RFC822. Those who like to push the envelope are a minority here (i.e. the mail that I handle) and usually also quite capable of adjusting to the needs of receiving systems (after all, you cannot expect every system to be able to cope with extensions that are not yet a real Internet Standard).

The advantage of using strict conformance to Internet Standards as a means ti reject unwanted mail is that you have a good legal base for doing this. The sending party violated the standards, not the receiving party, a fact that makes defense against lawsuits a bit easier.

[...]
Also, I saw something interested.....

| Received-SPF: pass (selene.escape.de: 217.13.70.153 is
|                       authenticated by a trusted mechanism)
| Received-SPF: fail (mx1.asco.de: domain
|                       of spf-discuss(_at_)winserver(_dot_)com does not
|                       designate 65.10.60.163 as permitted sender)

When I did that manual telnet from my home machine to your system and used
this spf-discuss(_at_)winserver(_dot_)com,   it should of rejected it based on 
my
WINSERVER.COM SPF policy.

I have a hard fail for winserver.com.  Why did you continue to accept it?

Legal reasons. The receiving system can not (yet) be configured to reject mail for certain recipients while using tagging only (or even no SPF at all) for toher recipients. So I'm stuck with tagging for a while longer as filtering without the recipient ordering it would be illegal here in Germany. Splitting the MXes and using SMTP rejects has a high priority but still gets postponed by more important work (as the customer defines ...) quite often. Sigh.

You must get a alot of spam! <g>

About 1500 to 2000 per day just to my personal system.

Ralf Döblitz


<Prev in Thread] Current Thread [Next in Thread>