On Sun, Sep 25, 2005 at 03:10:40PM +0200, johnp wrote:
I get the feeling that there are people who are defending the ISP's
notion of anyone on their network has an SMTP relay without further
checking that the user on the network is actually the real user who is
paying their monthly fee, or someone who has hacked their way in or has
zombie-fied a machine on that network.
Do we really care?
It doesn't matter if it is the user itself or a zombie. That machine is the
spam
source/is relaying spam. That machine should be taken out of the network/be
isolated.
This is both valid from an SPF standpoint and from an anti-spam standpoint.
I am not defending ISPs that do not combat these kind of users. However, there
is, IMHO, no need for an ISP to use password based authentication if they are
doing source address based authorization (PVC, ip address, whatever).
Am I wrong?
Alex
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com