--On Samstag, Juni 25, 2005 05:37:03 -0400 Hector Santos
<spf-discuss(_at_)winserver(_dot_)com> wrote:
[...]
Adherence to RFC822 with provisions for extensions of RFC2822
and easy switchover.
Thats easy to say. Try to actually implement the design considerations
when writing your software. You are using SendMail. What options does
it have for this?
The milter interface allows you to be as ananl about RFC-conformance as
you want to. :-)
But sendmail itself is quite relaxed about RFC-conformance as it is a
multi protocol mailer and thus may also process non-RFC mail
intentionally.
[...]
How you are going to deal with this? If you are a legacy conservative
822/821 system how will you handle it?
Depends on which kind of censervative you are. The RFC also states that
you should be liberal in what you accept, so you mitght also accept it.
Personally, I'm inclined to reject the "To:"-less mail. But this would
be for my personal mail (recipient's decision) not for mails that I am
just providing transport for. Making something like a that recipient
configurable (i.e. a policy option for the recipient) would be a nice
thing.
[...]
In other words, you mean you have a POST SMTP implemenation of SPF? <g>
No, SPF is run at SMTP time (thus using the data valid during the SMTP
dialog) but the results are evaluated later as part of the general spam
filter rules. It's not perfect but will have to do until I get around to
make SPF recipient configurable on our systems.
You must get a alot of spam! <g>
About 1500 to 2000 per day just to my personal system.
Geez, I don't know what to say. <g> I mean, why do you allow it? Do you
mean you reject this amount or this is amount that goes into your junk
box?
This is what goes into the spam bin. Worms are rejected (different legal
situation). It's a matter of priorities and unfortunately other problems
always managed to to get a higher priority assigned by management.
[...]
It seems is that you are using a POST SMTP system, a conservative concept,
which we still most support in our 20+ years package as well, but this is
old technology and doesn't fit well with new email
authentication/authorization ideas.
The change in mail architecure has been scheduled for more than a year,
but the priorities of directly paying jobs always interfere ... :-(
So I understand 100% where you are going from.:-) Trust me, I do. I
still got sysops thinking they are using UUCP <g>.
Oh, I *do* use UUCP (and this is over X.75, no IP involved).
Ralf Döblitz