[Sussex] spam filtering

Andy Smith andy at lug.org.uk
Sun Aug 20 16:15:58 UTC 2006


On Sun, Aug 20, 2006 at 10:51:49AM +0100, Vic wrote:
> > I choose not to use SPF
> 
> That's your choice. You are entitled to make it.

And I am entitled to make it without SPF fanboys saying that I do so
because I don't care about domains I control being forged!  At least
concede that many people have serious issues with the design of SPF.

> > Particularly, expecting the world to implement something as freaky
> > as SRS just so that your users can continue to forward mail through
> > them retaining your domain in the address is rather naive and
> > impractical.
> 
> That's your opinion. It is not everyone's.
>
> Many people consider SRS to be a workable system; whether or not
> the entire world moves over to SRS doesn't really matter. It's a
> common misconception that SPF/SRS requires 100% participation to
> work, but that's just wrong.

Okay so say I start checking SPF on a domain on behalf of thousands
of users.  Suddenly I will be rejecting mail that gets to my users
via any intermediate relay that doesn't implement SRS.  You can go
on all you like about how the sending domain should have set a
weaker SPF string or educated its recipients about forwarders, but
we know that's not going to happen.  So somehow prior to doing this,
I have to educate my users about the fine points of SRS, SPF,
forwarding, sender addresses, etc. etc.  It is also not going to
happen.  So I cannot check SPF without whitelisting every forwarder
that any of my users may use that has not yet implemented SRS.

Okay so say I decide to publish SPF.  Now my users can't use the
email domain they used to use unless they send via a list of servers
that I specify.  I can make this policy and just say "tough luck" to
those who don't like it, but that's not great customer service is
it?  I now need to provide more infrastructure so that all the users
can do SMTP AUTH through my servers from wherever they might be in
the world.  This is already the case in many setups, but not all, by
design.

It doesn't require 100% participation but until then for many setups
it is a major pain in the arse and that's why I believe it will
never get anywhere close to 100% participation, which is a vicious
cycle.

> SPF/SRS becomes more effective as more people use it, but it is
> *already* effective (and certainly effective enough for me)

I have no trouble believing it works for a domain with hardly any
users, I have no problem believing that publishing SPF works for a
domain where its users (accept that they) can only use the
smarthosts provided, but this is far from describing the majority of
mail setups.

Cheers,
Andy

-- 
http://strugglers.net/wiki/Xen_hosting -- A Xen VPS hosting hobby
Encrypted mail welcome - keyid 0x604DE5DB
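
The forwarding problem discussed in this message, as an added example that is not part of the original post: a receiver evaluating SPF sees a pass for direct delivery, a fail when a forwarder relays the mail with the envelope sender unchanged, and a pass once the forwarder rewrites the envelope sender SRS-style. All domains, addresses and the secret are constructed; the SPF evaluator handles only `ip4` and `all`, and the SRS0 tag is a simplified stand-in for the real hash and timestamp encoding.

```python
import hashlib, hmac, ipaddress

# Constructed SPF policies, standing in for the DNS TXT records each domain publishes.
SPF = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}

def check_spf(client_ip, mail_from):
    """Evaluate the envelope sender's policy; only ip4 and all are supported."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF.get(domain)
    if record is None:
        return "none"
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        if mech.startswith("ip4:") and \
                ipaddress.ip_address(client_ip) in ipaddress.ip_network(mech[4:]):
            return results[qualifier]
    return "neutral"

def srs_rewrite(mail_from, forwarder_domain, secret, timestamp="AB"):
    """Simplified SRS0 rewrite: SRS0=tag=timestamp=orig-domain=local@forwarder."""
    local, domain = mail_from.rsplit("@", 1)
    msg = f"{timestamp}{domain}{local}".lower().encode()
    tag = hmac.new(secret, msg, hashlib.sha1).hexdigest()[:4]
    return f"SRS0={tag}={timestamp}={domain}={local}@{forwarder_domain}"

def deliveries():
    """SPF result at the final receiver for three delivery paths."""
    orig = "alice@sender.example"
    fwd_ip = "198.51.100.25"  # constructed: the forwarder's outbound relay
    rewritten = srs_rewrite(orig, "forwarder.example", b"constructed-secret")
    return {
        "direct": check_spf("192.0.2.10", orig),
        "forwarded_plain": check_spf(fwd_ip, orig),    # sender unchanged
        "forwarded_srs": check_spf(fwd_ip, rewritten),  # sender rewritten
    }

if __name__ == "__main__":
    for path, result in deliveries().items():
        print(f"{path:16} {result}")
```
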