Re: [spf-discuss] (SOLVED) SPF blocking e-mails coming from an E-card service server

2007-04-27 21:21:57
On Fri, 27 Apr 2007, dan1 wrote:

> However, please talk a bit more about the bounce and the 'here's your 
> bounce' mail you sent me, is this to you a flaw in my code?

Alex is complaining that you don't verify the alleged MAIL FROM entered
by a user on your site.  He would like you to make all users have
an account on your site, confirmed by sending them an email with a
confirmation token (cookie) which they have to send in a reply or
enter on your website.  This is standard procedure for creating accounts
with confirmed email addresses.  Then you can be sure the user really has that
MAIL FROM when he sends e-cards.

I'm not sure Alex's complaint is justified.  Let's compare, assuming
a mean person enters your email as the MAIL FROM just to annoy you:

Your way: you get a bogus bounce for each e-card sent by the meanie.

Alex's way: you get a bogus bounce for each time the meanie enters
        your email to create an account.

In both cases, you already limit the number of times they can do that by IP.

I don't see the advantage to requiring accounts, Alex.

Musings: This business of e-card web sites sending the email is
all wrong.  The site should generate an e-card for you, then you download
or link to the generated card and email the user yourself.  (Of course
if M$ tries to make this convenient, then an e-card site will be able to do
mass mailings every time an Outlook user connects.)

I have seen sites where the email has a link that expires in 30 days,
and I have to click on the link to see the card.  That link could be sent
directly by the sender.

              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
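
The confirmation-token procedure described in the message above, sketched as an added example (not part of the original post, and not the e-card site's code). The names `SECRET`, `issue_token` and `confirm`, the token layout and the sample addresses are assumptions made for illustration; the 30-day lifetime mirrors the expiring links mentioned in the message.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: random per-site key, kept server-side
TTL = 30 * 24 * 3600               # 30 days, like the expiring card links above


def b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def sign(payload):
    return b64(hmac.new(SECRET, payload, hashlib.sha256).digest())


def issue_token(address, now=None):
    """Build the token that is mailed to `address` (lower-cased for simplicity).

    Only someone who can read that mailbox can hand it back to the site.
    """
    expires = int((time.time() if now is None else now) + TTL)
    payload = "{}|{}".format(address.lower(), expires).encode()
    return "{}.{}".format(b64(payload), sign(payload))


def confirm(token, claimed, now=None):
    """True only if the token is intact, unexpired and bound to `claimed`."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        address, expires = payload.decode().rsplit("|", 1)
        expires = int(expires)
    except (ValueError, UnicodeDecodeError):
        return False                       # malformed token
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(sig.encode(), sign(payload).encode()):
        return False                       # forged or altered
    if (time.time() if now is None else now) > expires:
        return False                       # link has expired
    return hmac.compare_digest(address.encode(), claimed.lower().encode())
```

The site would accept an address as MAIL FROM for e-cards only after `confirm` returns True for it.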

