[Sussex] spam filtering

Vic lug at beer.org.uk
Sun Aug 20 01:12:43 UTC 2006


>> > This is only done at
>> > domain level - so as any big e-mail portal like NetIdentity, GMail or
>> > HotMail would have to allow _all_ ISPs to route their domains as they
>> > are bound to have at least one customer with every ISP.
>>
>> It's nothing to do with routing.
>
> What is it to do with then?

It's about whether or not to accept an SMTP connection. Routing is neither
here nor there.

> So in your SPF controlled world you would have all MUAs connect to the
> email servers of the sender's domain.  So how do you authenticate me
> when my laptop is plugged in to some random Starbuck's WiFi network?  I
> would still like to send e-mail as "me".

That's what SMTP-AUTH does. And that's got nothing whatsoever to do with SPF.

> So how much SPAM does this block for you?

SPF is not about blocking spam. SPF is about preventing forgery.

How much forgery does this block for me? I used to get tens of bounces
every day because one of my domains was getting forged. In the couple of
years since I posted an SPF record, I have had *one* forgery. I'd say
that's effective.

> mailman.lug.org.uk &
> lug.org.uk have not specified SPF records and the sender's address is not
> the same as the envelope's.  How do you let those in?

You appear to have some strange ideas about what SPF does...

> Of the five examples I've looked at and understood _none_ are protecting
> themselves.

Then you've not understood what is going on.

> beer.org.uk & hotmail.com both have a "~all" (softfail)
> terminator which tells me that the domain owner can not guarantee that
> all legitimate e-mail that claim to come from their domain do.

That's exactly wrong. The SOFTFAIL result does not mean that at all.

> As for GMail it has a redirect to _spf.google.mail and that has a list
> of IP servers and then defaults to "neutral" which, from the spec, "MUST
> be treated exactly like the `None' result".

Do you think that means that the record is synonymous with a null record?
If so, you've misunderstood SPF again.

> But where SPFs fail is where people use e-mail addresses that are not
> local to the domains from which they send their e-mail.  E-mail service
> providers, like HotMail, GMail, and Yahoo, can not afford to lock down
> their SPFs because:
>
>   1). That would force all their customers to only send email via the
>       e-mail services providers servers.  This would increase the
>       bandwidth those companies needed and that has to be paid for by
>       someone.

That is the choice they make. As you can see from the records posted by
both Hotmail and Gmail, they are already preferring traffic to be sent via
their MTAs. It is down to them whether or not they require that.

>   2). Anyone that uses an ISP that blocks outbound port 25 connections
>       (forcing all outbound e-mails to go via the ISP's mail servers)
>       could not also be a user of an e-mail service provider unless they
>       just used a web frontend.

Absolute rubbish. MSAs use port 587.

>       Most people I've seen that have such an account much prefer to
>       just point their MUA's POP3 or IMAP client at the server.

That's inbound traffic. It's completely separate from outbound.

>       While this is fine for reading e-mails they couldn't send because
>       the only outbound SMTP route allowed is via their ISP - and any
>       e-mails sent that route would be blocked by the receiver's MTA.

Still wrong. MSA port is 587.

> I would go further and say that if the connecting MTA is not configured to
> be an MTA at all then you can reject anything it sends.

I have no idea what that means.

Vic.
