[Mimedefang] Deadline for SPF records

Les Mikesell les at futuresource.com
Wed Aug 11 10:56:49 EDT 2004


On Tue, 2004-08-10 at 12:55, Daniel Taylor wrote:

> | Put a price tag on that. If you are selling a product, how many
> | dollars worth of orders are you willing to discard because the
> | potential customer sent a request for information through a
> | public access point instead of their own ISP?  Discarding their
> | mail is the only way you can _make_ someone else do things
> | your way.  Is it worth it, when what really matters is the
> | individual authentication and/or the message content?  I just
> | don't see much value in some untrusted third party's claim
> | of authentication.
> |
> Excellent point.
> Unfortunately for your intended point it cuts both ways.
> 
> In the case of an SPF reject the potential client gets an immediate
> notification that something is wrong, and can take corrective action
> if they are that interested. Since their company must be publishing
> a strict SPF record for this scenario to occur they just may appreciate
> your respecting their policy and call you instead.

My prediction:  if people actually read these rejection notices,
spammers will immediately start forging them but replacing
the informative content with spam.  I already think a lot of what
currently appear to be bounces are in fact originally crafted
that way to get through spam filters and make it look like
something important that you sent failed.  Then people will
stop reading them...

> Say your potential client sends the same e-mail from the same location
> and your spam filter sidelines it because it triggered a couple minor
> SA rules and was from a blackholed IP range.

Well, that would be my own choice, wouldn't it? 

> Now your potential client thinks the mail went through, you know nothing
> about it, and the business opportunity may well pass permanently because
> the potential client thinks you just aren't interested in the business.
> They are almost definitely offended by the non-response.
> 
> Which scenario works better for you?

The latter, because I can apply my own valuation to the filtering and
check every message if I consider it worthwhile.  If it happens at
the transport level, individual consideration no longer applies.
For exactly this reason, I never discard spam at the transport
level but tag it with MD in a way that lets individuals choose
their own filtering level. 

The place where it might be useful is in catching viruses that
forge the sender address, though.  We've recently seen at least
two that came through before the scanners recognized them so
you can't really count on detecting them by content.

---
   Les Mikesell
    les at futuresource.com



