[Mimedefang] Deadline for SPF records

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu Aug 12 03:33:57 EDT 2004


On Tue, 10 Aug 2004, Cor Bosman wrote:

> I mean, one of your customers (employees, whatever) sending email through
> your server using validusername at hotmail.com (basically their own hotmail
> account).

They can in the From: header, but in the envelope your MTA is to ensure 
that DSNs have a valid return address, hence, the envelope must be some 
local account.

> Sure, but if they are sending themselves (and have for years) and suddenly
> people are implementing SPF and we don't list their dynamic dialup host
> as a valid senderhost, their mail will be suddenly rejected.

Yup. That is what is happening now already, because of DUL blacklists.
Do you participate in some SourceForge projects? I do. And I painfully 
noticed that I cannot run those mails through my mail server at home.

> Yeah, they could/should use our mailserver, but I'm just trying to say
> implementing SPF has a _lot_ of side effects.

Too many, from what I see currently.

> Plaintext, you need to use SSL. How do you 'make' them use authentication?

Turn off non-authenticated access.

> You don't control if they decide to use the hotspot's email smarthost, or
> use software that does the delivery itself. If you publish SPF records,
> then their email will be rejected. Maybe not such a big deal in your
> case, but I'm sure we have thousands of customers emailing with our
> domain name from remote locations not using our mailservers.

That is one problem of the current SPAM. Because legit mail may flow in 
non-signed and from any host. If anyone would use PGP or S/MIME, there 
would be no forged senders, if one would use a confirm-style certificate 
check-in mechanism (like when you join a mailing list that sends back a 
message to your mail account to verify that a) the address really exists 
and b) you are the particular person that initiated the join) -- at least 
not forged in the sense "there is an existing mailbox", as one could 
allocate easily one at any freemail (web) hoster,

Bye,

-- 
Steffen Kaiser
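
The two cases discussed in this thread, as an added example that is not part of the original post: SPF is evaluated against the envelope sender (MAIL FROM) and the connecting IP, so a foreign From: header relayed through the provider's server passes, while direct delivery from an unlisted dialup host fails. The domain `isp.example`, the SPF record and all addresses are constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed SPF TXT data keyed by domain (assumption, not real DNS answers).
SPF_RECORDS = {
    "isp.example": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all",
    "nospf.example": None,  # domain that publishes no SPF record
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, envelope_from, records=SPF_RECORDS):
    """Return pass/fail/softfail/neutral/none/permerror for MAIL FROM's domain."""
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if not record or record.split()[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include etc. need DNS lookups; refuse rather than guess
            return "permerror"
    return "neutral"


def evaluate_message(client_ip, envelope_from, header_from):
    """header_from is deliberately unused: SPF only looks at the envelope."""
    return check_spf(client_ip, envelope_from)


if __name__ == "__main__":
    cases = [  # (connecting IP, MAIL FROM, From: header), all constructed
        ("192.0.2.5", "user@isp.example", "validusername@hotmail.com"),
        ("203.0.113.77", "user@isp.example", "user@isp.example"),
        ("203.0.113.77", "user@nospf.example", "user@nospf.example"),
    ]
    for ip, mail_from, hdr in cases:
        print(ip, mail_from, hdr, "->", evaluate_message(ip, mail_from, hdr))
```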


