spf-discuss

RE: [spf-discuss] Misuse of Return Address

2006-12-06 14:39:20
At 05:11 PM 12/5/2006 -0500, Stuart D. Gathman wrote:
> On Tue, 5 Dec 2006, Seth Goodman wrote:
>
> > The second way for box67.com to get the desired functionality is to
> > provide SMTP AUTH services over port 587.  If the network at Raytheon
> > permits this, users inside the network connect with the box67.com MSA
> > over port 587 and give it their login credentials in order to submit a
> > message.  Since mail submissions over port 587 require login, most
> > networks don't bother to block outgoing connections, but they might.
> > For cases where the foreign network allows this, it is preferable
> > because you don't have to list the foreign MTAs in your SPF record and
> > there is no risk of the foreign domain forging your return-path.
>
> Yes, this is the only sane way to do what he wants.  Since these are
> fixed email clients (which wasn't clear on my first answer), they
> can be configured to do so.

Box67.com is a recipient's forwarding service. It does not provide SMTP AUTH, outgoing mail, mail storage, POP accounts, webmail, or any of the other features offered by a full-service ESP (email service provider) or a typical company mail server. Box67.com has one purpose, and that is to provide individual users with a permanent address and open-source access to the best authentication/reputation systems on the planet. Box67.com may add other services later, but for now it must stay focused on its primary goal.

Even if we add outgoing mail services we will still have a problem trying to force changes on the world. Our recipients do not want to change their email programs, their ESPs, or anything about the way they do business. It is even a bit much for them to deal with our subject-line tagging - [], [*], [**], [**spam**]. As one of our first beta testers put it - "Just get rid of the spam, and spare me the details."

The one big thing we must ask our recipients to do is change their Reply-To/Return address. For now, that is the only way they can use our authentication/reputation system. That will change soon, however, when we have a package they can have their admins download and install on their own mailserver. Then they can have their own strict SPF record, and box67.com is not involved.

We don't want to encourage misuse of the Return Address, but we have to accept it because we cannot expect our clients to change their email programs. I would join with the leaders of the SPF community in petitioning Eudora and perhaps others to change what appears to be a simple, obvious problem, but I can't insist that our clients bear the expense or inconvenience. They will simply bow out.

-- Dave
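
The trade-off in the quoted passage (submitting through the home MSA on port 587 versus listing a foreign network's MTAs in the SPF record), as an added example that is not part of the original message. It is a simplified evaluator that handles only `ip4` and `all` terms; the records, addresses and names are constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate a simplified SPF record (ip4 and all terms only)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual]
    return "neutral"                    # no term matched

# Constructed sample data (documentation address ranges).
HOME_MSA = "192.0.2.10"          # home domain's own outbound server
FOREIGN_MTA = "198.51.100.25"    # MTA of the network the user sits in
FOREIGN_OTHER = "198.51.100.77"  # any other sender on that foreign network

STRICT = "v=spf1 ip4:192.0.2.0/28 -all"
WIDENED = "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.0/24 -all"

def scenarios():
    """SPF result a receiver would compute for each sending path."""
    return {
        # User relays through the foreign MTA with the home return-path.
        "foreign MTA, strict record": check_spf(STRICT, FOREIGN_MTA),
        # User authenticates to the home MSA on port 587; the home server sends.
        "home MSA via 587, strict record": check_spf(STRICT, HOME_MSA),
        # Foreign MTAs are listed so relayed mail passes...
        "foreign MTA, widened record": check_spf(WIDENED, FOREIGN_MTA),
        # ...but so does anyone else sending from that foreign network.
        "other foreign sender, widened record": check_spf(WIDENED, FOREIGN_OTHER),
    }

if __name__ == "__main__":
    for path, result in scenarios().items():
        print(f"{path}: {result}")
```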
