spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: SPF implementations

2005-08-16 02:45:46
from [Håkon Alstadheim] [Permanent Link] 
Seth Goodman wrote:

The most important question you asked,  "Isn't this just wishful thinking?",
deserves a serious answer.  I suggest that as SPF gains deployment, MTA's
that send a lot of messages that fail SPF are going to get bad reputations.
This will cause them difficulty delivering legitimate mail.  The same will
ultimately happen if they deliver a lot of spam that does pass SPF.  If
neither of those happens, I would say that SPF would be a failure.  However,
I don't see it playing out that way.


Amen.

One way for ISP's to partially avoid this is to do an SPF check on outgoing
mail.  However, that doesn't address the root cause, which is uncontrolled
submission rights.  If they want to keep their reputation up, they will
ultimately have to enforce submission rights more than they do today.  That
means some means of controlling use of foreign domain names, and in the
headers as well as the return-path.  Think about it:  how many _real_
senders, not concocted corner cases, would be adversely affected if their
ISP required the return-path to match the highest originator header _and_
the resulting message to pass an outgoing SPF check?  This doesn't limit the
domains you can use.  It just says that the 2822 headers have to reasonably
match the 2821 envelope and SPF is the arbiter of whether or not you can use
the domain name.  Since the SPF record is published by the domain owner,
this appears to be a legitimate restriction.
If only ISPs would start to offer SMTP with TLS or SSL. As it is I either have to run my own mail server (on a dynamic ip, through an ADSL line) or use whatever SMTP server is available at wherever i connect when I'm travelling. If the SMTP server at "wherever I connect" starts enforcing consistency on headers in emails exiting their network, I sincerely hope my own ISP will let me start logging into their (MY! ) SMTP server through some secure method. The worst case would be strict egress filtering + no SSL or TLS login available + recipients dumping mail sent directly from dynamic IP-adresses. That would really s*ck. 
--
Håkon Alstadheim   +47 74 82 60 27
7510 Skatval
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: SPF implementations, Graham Murray
Next by Date:  Re: Re: SPF implementations, Scott Kitterman
Previous by Thread:  Re: Re: SPF implementations, Dick St.Peters
Next by Thread:  Re: Re: SPF implementations, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]