Jim Fenton wrote: > Unfortunately, I see efforts to encourage publication of > SPF/SenderID -all records without explaining all the > implications of that so the "education" being done there > may not exactly be helpful.
I've no idea what the SenderID (i.e. PRA) folks do, but the SPF site highlights the problem several times, e.g. point 5 in <http://www.openspf.org/FAQ/Hints_for_ISPs>: | You should never publish "-all" for customers domains | without the consent of your customers. They *will* have | ways of sending mail that you don't know about. Keep | your customers informed about your SPF roll-out, this | will prevent them from being unpleasantly surprised by | mail that suddenly is not delivered due to SPF "fail" | results. Insufficient communication will drive up your | support costs and result in your customers being less | happy with both your service and SPF [tools to detect outgoing on mail from obscure places] > I'm not sure I understand exactly what you're getting at The "exists" mechanism can be used to track which IPs send mail for a given domain (down to most local parts if necessary), but of course only for what's checked, HELO, MAIL FROM, maybe PRA, not "first author" unless it happens to match the checked identity. > if the tool doesn't take that into account, it might > miss some interesting cases. Yes. I'm lost how the tools you talked about can get better data, or is it a case of senderbase datamining ? Frank _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
