[Mimedefang] Deadline for SPF records

Cor Bosman cor at xs4all.nl
Wed Aug 11 12:14:20 EDT 2004


> > > >Let's say that I work for a hypothetical ACME Widgets, Inc. My e-mail
> > > >address is sales at acmewidgets.com. A potential customer,
> > > >bob at example.com, tries to send me an e-mail message from his laptop
> > > >using a public access point in his hotel. The network he's on is not
> > > >listed as an allowed relay for example.com, according to their SPF
> > > >record. My administrator (at acmewidgets.com) is honoring SPF
> > > >records. What happens?
> > >
> > > > That's just it - if your sales guy is at a hotel with his laptop, he could
> > > use AUTH/STARTTLS and actually relay through his company's mail server.
> > > Thus the email from sales at acmewidgets.com would be delivered by
> > > mail.acmewidgets.com to where it needed to go... SPF would be valid.
> > > > This no bounce at the destination.
> >
> > You try and tell that to thousands of customers. Who had their laptops
> > set up in 1997 by a company that has long gone bankrupt. And will sue
> > > you if suddenly their email isn't working anymore :)
> >
> > Welcome to the world of ISPs :)
> >
> 
> I assume you mean that you're an ISP and that you've "acquired" customers
> from a now-defunct ISP and that they need to be able to send email as if
> it came from your domain (say big-isp.com) using whatever server was set up
> on their laptop by their previous ISP.

No. I mean to say that customers are a weird bunch, with weird setups,
that have always worked, and if we make it not work, we have some
explaining to do. Not impossible, but not trivial either. Some people
seem to think that because something is easy for them, it must be easy
for everyone. 

We have for instance thousands of customers that have moved to a different
ISP for access (for instance because we didn't offer DSL in their area
so they got cable), but decided to keep services with us because they have
email/homepage/whatever, or they just like us so much. 

Often they send out email themselves, or through their cable ISP, with
our email address. They _should_ be using our servers with SSL/authentication
but if you can say one thing about customers it's that they never do what
you wish they'd do. 

Making customers, in the thousands or tens of thousands, change their
configuration is not an easy task. And we do actually have cases where
we changed something, it broke a customer's config, they sued us because
they couldn't change the source of their software because they only had
the binaries and the company that had the source had long gone bankrupt.
They're the exceptions, but again.. customers do weird stuff :)

Cor
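
Added example, not part of the original message and not MIMEDefang code: a small SPF evaluator run over the two sending paths discussed in this thread (mail relayed through the domain's own authenticated server versus mail sent directly from a hotel or third-party ISP network). The records and addresses are constructed, using documentation IP ranges. Only the ip4, ip6 and all mechanisms are handled, and any mechanism that needs DNS raises an error.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate an SPF record against the IP of the connecting client.

    Handles only ip4:, ip6: and all; other mechanisms raise ValueError.
    """
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        else:
            raise ValueError("mechanism not handled in this sketch: " + term)
        if matched:  # first matching mechanism decides the result
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term

# Constructed records and addresses (documentation ranges, not real data)
STRICT = "v=spf1 ip4:192.0.2.0/24 -all"
LENIENT = "v=spf1 ip4:192.0.2.0/24 ~all"
RELAY_IP = "192.0.2.25"    # the domain's own relay, reached with AUTH/STARTTLS
HOTEL_IP = "203.0.113.57"  # hotel access point or a third-party ISP

def scenarios():
    return {
        "via own relay, -all": check_spf(STRICT, RELAY_IP),
        "direct from other network, -all": check_spf(STRICT, HOTEL_IP),
        "direct from other network, ~all": check_spf(LENIENT, HOTEL_IP),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, "->", result)
```

A receiver honoring SPF rejects or penalizes only the direct path, which is the case the customers described above would hit once a strict record is published.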


