[Mimedefang] SPF
Rich West
Rich.West at wesmo.com
Sun Nov 5 17:20:49 EST 2006
David F. Skoll wrote:
> Apparently, an e-mail someone sent from within our network (ie, it
> had an SPF "pass") was bounced by a broken server because of SPF. That
> was the final straw.
I know this is now off-topic from the list, and I don't mean to rock the
boat any, but that is a pretty weak excuse. There has to be more to it
than some idiot's broken email server that drove you to that decision.
Fortunately, in the internet realm, we don't have to work to the least
common denominator of systems out there. If there's a broken system,
then they are the one with the problem, not everyone else.
SPF's only goal was to provide a means toward ensuring that the email is
originating from an authorized location. That gives the email
administrator full knowledge of where email is being sent through.
Also, SPF is one of those "set it and forget it" things. It should
never require constant tweaking or maintenance. Periodic, maybe..
For folks on the road, there are plenty of workable solutions. Sending
email through the local ISP is really a back-door to get around the
controls put in place more than it is a proper way of working (or "best
practice"). Provide them with VPN access or allow for them to send
email out through an email server under your control (via user/pass TLS
authentication). The tools and pieces are all there, it just takes the
time to get it all together and functioning properly.
Besides, what looks more professional: Email from
user at roaringpenguin.com, or email from user at comcast.com with a reply-to
set to user at roaringpenguin.com? That, and, at the very least, you know
the entire path of the email before it leaves your environment. When
going through a local ISP, you don't know how many copies are kept or
eyes are looking over those emails. And if there is a problem with
their server (local ISPs make a lot of DUMB mistakes), you're sunk.
It seems like there is more to lose than gain by taking the short route.
I'm no SPF fanatic, but I do believe it is one of the many tools that
are good to have in that arsenal.
-Rich