Hi Dave (and everyone else!), Friday, June 11, 2004, 5:02:14 AM, you wrote:
[snip...] DW> I left the confirmation on initially just to see what happens and DW> emailed a post to my blog. I waited and waited and waited for the DW> confirmation, nothing. Weird... Check the mail server, no backlog. DW> Happen to look at my incoming spam folder, and what do you know, DW> blogware is forging a domain it does not own or host and has never been DW> authorized to send from, and as a result my mail server flagged it as spam. We should try and get some perspective here. Blogware *was* given authorization to send mail as "From: [EMAIL PROTECTED]" as this is controlled within your own blogware account settings which *you* manage: Settings-->Article Notifications --- NOTE: --------------------------------------------- A) You do not have to allow for article notifications... this is a knob. B) You get to control which address is used for the outbound email. ---- End Note ------------------------------------------ If you enforce SPF with your spam filters, one would typically think that you would be careful with what services or locations you use when mail can be sent as "From: you". Granted, you may not have looked across the entire area of settings or known what every bit means. But your "blast" was harsh enough for one to assume that since you expect so much from the developers and are ready to hammer on them, you might have done some homework first. It might make sense for blogware to allow for you to choose an "@blogware.com" account for your source email and it is something that should be considered, no doubt. A [civil] note to this end would start the ball rolling as much as a judgmental one though civility is so much easier on the ego. DW> Well isn't that fancy. In today's world even big slow moving behind the DW> times .COMs like eBay are in the process of fixing their systems so that DW> they don't forge sender email addresses, so I find it rather astounding DW> that OpenSRS found a developer clueless enough to create a system that DW> forges sender information. DW> </rant> DW> I'm sorry if this seems offensive, but frankly, somebody needs a smack DW> upside the head. The term "forge" in this context can be quite deceiving because it is in common use in the 'email' world even when it does not meet the traditional definition of the term, in every other context. But it is what it is and it *is* in use WRT 'email', albeit in a different standard context. So you can call a header field "forged" and NOT have it be a bad thing when traditionally "forged" means something bad. "Forged" From: fields are not always bad, despite what the label might imply. Don't believe me? Ask the author of Postfix, one of the most pervasive SMTP servers in use today. Ask him about SPF too and you may change your filtering mechanism. Back to the point. If you read RFC 822 and specifically section 4.4.1 (http://www.faqs.org/rfcs/rfc822.html), you'll note that *intention* is a critical. A snippet: This field contains the identity of the person(s) who wished this message to be sent. The message-creation process should default this field to be a single, authenticated machine address, indicating the AGENT (person, system or process) entering the message. If this is not done, the "Sender" field MUST be present. If the "From" field IS defaulted this way, the "Sender" field is optional and is redundant with the "From" field. In all cases, addresses in the "From" field must be machine-usable (addr-specs) and may not contain named lists (groups). If you read it carefully, you'll see that blogware is meeting the proper criteria, on your behalf. And again, you don't have to enable this. If SPF (or Yahoo!'s implementation, etc) ever gets legs, perhaps blogware needs to provide more information to you so that you can make the proper allotments in DNS or whatever. But to call it outright bad and use the strong language that you have used assumes that everyone subscribes to *your* method of filtering. If Ebay is going a particular route it does not become synonymous with the *correct* way of doing things, as most of us know by now. Dave, I've been on this list for a long time and I generally love your contributions. In this case it seems to me that you slammed folks for not following your [email filtering methodology] faith and that is out of character for you. I'm sure that blogware can be optimized to meet today's growing needs of its resellers but tossing around judgements instead of asking for more functionality and providing solutions makes the whole process take longer and is subject to the notion of, "you catch more flies with sugar than with vinegar". In the end, I get corrected by or informed by people all the time so I am way open (California style, "way") to feedback on my comments and welcome any corrections. Thanks, -tom
