On Tue, 22 Nov 2005, Bruce Barnes wrote:
> And AOL takes this a step further, now PROHIBITING messages from servers
> without RR records. The fully qualified client name MUST resolve to a PTR
> record for every e-mail message received . . .
This is unfair and discriminatory. Small domain owners with less than
a class C public IP block do not have direct control of their PTR records.
Most ISPs catering to small businesses are clueless about PTR records,
and are a monopoly to boot.
It also weakens SPF, because the only recourse left is to relay mail through
another domain lucky enough to have PTR records - but that then weakens
the authentication provided by SPF, since you are dependent on the security
of the MTA helping you out.
I am still not aware of a commercial SMTP relay service that actually
checks for cross customer forgery.
The workaround I use for the 40 small domains I manage is to relay through
bmsi.com (which does have working PTR records, thankfully) only for domains
which insist on PTR records (configured through mailertable in sendmail).
SPF supporters should discourage requiring PTR records - at least when
an SPF record is present (unless said SPF record requires it via ptr
mechanism).
My policy is to require EITHER a valid PTR, or a valid HELO, or an SPF
record with PASS or NEUTRAL.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
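The acceptance policy stated in the post ("EITHER a valid PTR, or a valid HELO, or an SPF record with PASS or NEUTRAL"), written out as an added example that is not from the post or from any of the software it mentions. It assumes "valid PTR" means forward-confirmed reverse DNS (the PTR name resolves back to the connecting IP, which is what the AOL rule quoted above demands) and "valid HELO" means a dotted hostname that resolves to the connecting IP; the DNS tables are constructed in-memory stand-ins for real lookups.

```python
# Added example: evaluate an SMTP acceptance policy of the form
# "valid PTR OR valid HELO OR SPF pass/neutral" against constructed DNS data.

# Constructed sample DNS data (documentation-range addresses, not real hosts):
# PTR records keyed by IP, and A records keyed by hostname.
PTR_RECORDS = {
    "192.0.2.10": "mail.example.net",        # PTR that forward-confirms
    "192.0.2.20": "dialup-20.isp.example",   # PTR exists but does not confirm
}
A_RECORDS = {
    "mail.example.net": ["192.0.2.10"],
    "dialup-20.isp.example": ["198.51.100.5"],
    "mx.example.org": ["192.0.2.30"],        # no PTR, but HELO name resolves
}


def has_valid_ptr(ip: str) -> bool:
    """Forward-confirmed reverse DNS (assumption): the PTR name for the
    connecting IP must itself resolve back to that IP."""
    name = PTR_RECORDS.get(ip)
    return name is not None and ip in A_RECORDS.get(name, [])


def has_valid_helo(helo: str, ip: str) -> bool:
    """Assumed meaning of 'valid HELO': a dotted (FQDN-looking) name whose
    A record includes the connecting IP. A bare label like 'localhost' fails."""
    return "." in helo and ip in A_RECORDS.get(helo, [])


def accept(ip: str, helo: str, spf_result: str):
    """Return (accepted, reasons). The connection is accepted if ANY of the
    three checks holds; `reasons` lists which ones did, for logging."""
    reasons = []
    if has_valid_ptr(ip):
        reasons.append("ptr")
    if has_valid_helo(helo, ip):
        reasons.append("helo")
    if spf_result in ("pass", "neutral"):
        reasons.append("spf:" + spf_result)
    return bool(reasons), reasons


if __name__ == "__main__":
    for args in [("192.0.2.10", "mail.example.net", "none"),
                 ("192.0.2.20", "dialup-20.isp.example", "none"),
                 ("192.0.2.30", "mx.example.org", "none"),
                 ("192.0.2.40", "localhost", "pass")]:
        print(args, "->", accept(*args))
```

Note that the second case shows the failure mode the post complains about: a host whose ISP-assigned PTR exists but does not forward-confirm is rejected unless its HELO or SPF rescues it.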
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/