[Mimedefang] Deadline for SPF records

alan premselaar alien at 12inch.com
Wed Aug 11 04:54:59 EDT 2004



Ben Kamen wrote:
> Richard Laager wrote:
..snip...
> 
> That's just it - if your sales guy is at hotel with his laptop, he could 
> use AUTH/STARTTLS and actually relay through his company's mail server. 
> Thus the email from sales at acmewidgets.com would be delivered by 
> mail.acmewidgets.com to where it needed to go... SPF would be valid. 
> This no bounce at the destination.
> 

this assumes that whatever ISP the sales guy is using at the access 
point doesn't block out-going port 25, like many ISPs have been known to do.


You'd then have to configure the mail servers to accept connections on a 
n alternate port (that's not likely to be blocked by ISPs) and you'll 
also have to configure the sales guy's laptop to connect to your server 
on that specified port.

> So the second part below wouldn't even be an issue.
> 
>> If the people at example.com have setup their SPF record to say that
>> mail from unlisted networks should be bounced, the message will be
>> bounced. If they've said it should be subject to additional checks,
>> but not outright rejected, it will be accepted and the SpamAssassin
>> score increased. The behavior is exactly per their setup.

if whoever is providing the service for the access point has the policy 
of "you must route all mail through our mail servers" then this 
certainly does become an issue.

I think the biggest hurdle is to get everyone in the internet community 
responsible for the configuration of mail servers to a) agree on 
configuration policies and b) actually implement them.

my 2 yen worth

alan



More information about the MIMEDefang mailing list