[Mimedefang] Deadline for SPF records *long w/morbid horoscope*

Cor Bosman cor at xs4all.nl
Thu Aug 12 14:45:44 EDT 2004


> >> Again, this completely solves the issue of forged return address
> >> bounce e-mails.
> > 
> > Actually, no it doesn't.
> > 
> > Let's try another ISP-as-MX scenario, this time where the company runs its
> > own mail server as primary MX, but uses the ISP's server as a secondary: 
> 
> Whoa... stop right there.  If ISPs do this, there's a growing onus to maintain a "valid user" list, even without spam/virus filtering.  The details are up to the ISP to determine - whether they hook up a scheduled feed from the customer (via, say, LDAP) or whether they ask the user to manage valid users via a web interface.

It's not a question of ISPs doing it; it's a fact that ISPs have been
doing it for many, many years, from way before spam became a problem.
Changing it is not going to be pretty. Try telling 100.000 customers that
they have to maintain a valid user list with you. It's possible (for certain
interpretations of possible), but very, very costly and time-consuming. 

Of course it's easy when you run your little home system for you and your
wife. Sure, it's easy when you have 15 employees that you can force a change
upon. It is not easy, not by a long shot, to change the behavior of
many, many customers. It is not a question of 'changing a door'. It's a
question of changing 10.000 doors, some of which you didn't even know existed,
some of which baffle even you, and you run the damn system, some of which
have had keys made in gold with jewels laid in, some of which have 5000
copy keys unbeknownst to you, and you need to tell the user of that door
to please give everyone a new key and they don't even know who uses it. Some
of these doors are used by law firms just aching to sue you. 

Changing anything, even something seemingly benign, often has large
implications. 

Now don't think that that means ISPs don't want to fix things. ISPs have been
fixing things and are fixing things. We are, as we speak, implementing a 
very large mimedefang system (50+ servers) to move more and more checks
to the front door so we can reject there. But I am realistic enough to know
it's never going to be 100%. There will always be noise on the line. 

> But accept-everything-and-send-manual-undeliverable-reports-later is becoming less and less acceptable of a strategy.

Just to clarify. The person you are replying to said that it might very well
be that you are accepting for a valid recipient as a secondary MX, but the
primary can still reject you for totally different reasons. The secondary
would then have to bounce. That's part of the noise.

How far are we from banning each and every bounce? :) "Dear ISP, I got a bounce
that my email can't be delivered, please stop! I don't want to know!" :)

I give it 1 year max. 

Regards,

Cor
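The thread above is about whether a secondary MX can avoid accept-then-bounce by keeping a "valid user" list for the domains it backs up. The following is an added example, not code from the thread or from the MIMEDefang project, that models the RCPT TO decision such a backup MX would make. It assumes a hypothetical per-domain feed (`DomainFeed`, `SAMPLE_FEEDS`) with a freshness flag, and the verdict strings, recipient list and domain names are all constructed for the example.

```python
# Added example (not part of the original mailing-list post): model of the
# RCPT TO decision on a secondary MX that holds a valid-user feed per domain.
# Goal: refuse unknown users during the SMTP transaction (sender's server
# generates any bounce) instead of accepting and bouncing later (backscatter).
from dataclasses import dataclass
from typing import Dict, Iterable, FrozenSet


@dataclass(frozen=True)
class DomainFeed:
    """Hypothetical per-domain valid-user feed (e.g. synced from customer LDAP)."""
    users: FrozenSet[str]   # lowercase local parts the customer says are valid
    fresh: bool             # False when the feed is stale and cannot be trusted


# SMTP-style verdicts the RCPT stage would hand back (constructed labels).
ACCEPT = "250 accept"
REJECT = "550 reject"
TEMPFAIL = "451 tempfail"


def rcpt_verdict(recipient: str, feeds: Dict[str, DomainFeed]) -> str:
    """Decide the response for one RCPT TO address on a backup MX."""
    local, sep, domain = recipient.rpartition("@")
    if not sep or not local or not domain:
        return REJECT                      # malformed address: never relay it
    feed = feeds.get(domain.lower())
    if feed is None:
        return REJECT                      # domain we do not back up: refuse, not relay
    if not feed.fresh:
        # Stale feed: we cannot tell valid from invalid users. A temporary
        # failure makes the sender retry (ideally at the primary) instead of
        # us accepting the message and bouncing it later.
        return TEMPFAIL
    return ACCEPT if local.lower() in feed.users else REJECT


def tally(recipients: Iterable[str], feeds: Dict[str, DomainFeed]) -> Dict[str, int]:
    """Count verdicts for a batch of recipients; useful for checking a feed's effect."""
    counts: Dict[str, int] = {}
    for rcpt in recipients:
        verdict = rcpt_verdict(rcpt, feeds)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample data: one domain with a fresh feed, one with a stale feed.
SAMPLE_FEEDS: Dict[str, DomainFeed] = {
    "example.com": DomainFeed(frozenset({"alice", "bob"}), fresh=True),
    "example.org": DomainFeed(frozenset({"carol"}), fresh=False),
}

SAMPLE_RCPTS = [
    "alice@example.com",      # valid user, fresh feed -> accept
    "Bob@Example.COM",        # case-insensitive match -> accept
    "zed@example.com",        # unknown user, fresh feed -> reject at RCPT time
    "carol@example.org",      # feed stale -> tempfail rather than accept-and-bounce
    "mallory@other.example",  # not a domain we back up -> reject
    "no-at-sign",             # malformed -> reject
]

if __name__ == "__main__":
    for rcpt in SAMPLE_RCPTS:
        print(f"{rcpt:25} -> {rcpt_verdict(rcpt, SAMPLE_FEEDS)}")
    print(tally(SAMPLE_RCPTS, SAMPLE_FEEDS))
```

The tempfail branch is the part worth noting: when the backup MX cannot verify a recipient it is better to defer than to accept, because an accepted message for a bad user can only ever turn into a bounce to a possibly forged sender. As the post points out, even a correct valid-user list does not remove every bounce, since the primary may still reject a message the secondary accepted for unrelated reasons.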