I agree that SPF is not very useful in the situation Matt outlined. We're in the same boat with users that may use their ISP or us to send mail from their domain. While SPF attempts to handle it through a switch that references other providers' SPF records, It's just not practical to list all possible ISPs that an end user could use to send mail.
However, I have seen benefit from specifying domains that do not send mail. Spam that spoofs the from address as one of these domains is getting blocked...some of which was not previously getting blocked (sorry don't have firm numbers yet). Also, it is useful for corporate customers that can guarantee that all email will pass through one of a few mail servers. Only problem there is travelers who would then need to VPN or otherwise authenticate with one of those servers in order to pass SPF. Darin. ----- Original Message ----- From: "Matt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 30, 2004 11:24 AM Subject: Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc **May** etc Grant Griffith - Declude JM wrote: >If someone sends an email and it shows up on our server as a 64. address. >What about when the message is delivered to someone at AOL? Will it also >see the 64. address, therefore fail the SPF test on their end also? > > Sorry to butt in on this one...Yes, SPF would fail on other systems as well in that situation. As far as I can tell, SPF-PASS is not useful because there is nothing stopping a spammer that owns a server to set SPF up for it. Setting up SPF for your domain is also IMO a bad idea unless you can guarantee that all of your users will only come from certain IP's when they send E-mail. For instance, although I prefer to be the outgoing SMTP server for my clients, some of them are either blocked by their ISP from sending E-mail through my server (port 25 blocking), or they just simply chose to set up their computers to use their ISP's mail server instead of our own. Therefore, I don't have a single client that I can guarantee that they will be coming from a particular range of IP's. While some people around here might only add a few points for such a failure, some have said that they will automatically hold any such messages that fail and I'm sure that there are people out there that will delete on such failures. You can set up SPF for you domain that states that the domain can be used from any IP, however I don't see any value in stating that something can come from anywhere when that in effect is the status quo. SPF is an interesting idea, but they're missing a step or two that would really make it useful IMO. The SPF folks recently agreed to merge their spec with Microsoft's and that might produce a more accurate test, but I haven't been following developments closely and can't say for sure. Practically speaking, it's the openness of E-mail and the fact that it was never designed or implemented to prevent spoofing that is the cause of this problem, and the best way to get at the issue might be to simply re-write SMTP to allow for authentication of non-local E-mail. I'm sure that Scott, Sandy and others have a different perspective. They are both fans of SPF and I am not. Who knows, maybe it is me that is missing something. I won't implement SPF on my domains at this time because of the possibility of some other admin blocking their E-mail in that 1% that doesn't come through my server, and to list them as non-specific to address space caries no apparent value. Matt -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
