On Wed, Jun 22, 2005 at 11:11:19AM -0300, Christian Willy Asmussen - Young 
Padovan wrote:
> Claudio Jeker wrote:
> 
> >spf is broken by design. It only helps if you are aol or hotmail.
> 
> Sorry, but what part of its design is broken? I'm not aol, nor 
> hotmail and it has been helping me quite a bunch.
> 

How many ISPs have SPF entries? 1% and that's a generous guess.
What does it help against? SPAM, no way. Joe jobs, yes. It only helps
against joe jobs when the other mailserver has set up SPF and your SPF
entry does not have an all or ~all or whatever entry.

For me regular SPAM is more annoying than joe jobs and for that a method
like greylisting is much more effective.

> >Those ISPs I know that implemented it had to add a whitelist all entry
> >because of mobile customers. In the end they could run just
> >without it and be as happy.
> > 
> >
> I don't understand, what kind of mobile customer would be rejected by 
> spf? Shouldn't a mobile user be sending his e-mails through his ISP's 
> smtp server?
> 

Ja ja ja. You know there are public networks (WLAN hotspots et al.) that
force your outgoing mail through their SMTP server. You need to educate your
customer to use an alternate port with SSL/TLS and AUTH SMTP -- good luck.

Btw. most joe jobs use some random address so RCPTCHECK is a very good
tool against them.

> >There is no benefit and parsing the dns entries is a major pain in the
> >ass.
> > 
> >
> Parsing the entries is certainly a pain in the ass, but that's a done 
> job. The patch for vanilla qmail works and can be ported to qmail-ldap 
> with some effort.
> 

Did somebody audit the code? Did anybody audit the spf standard?
I just looked at the spf syntax and stuff like "include" and "redirect"
smells bad.

-- 
:wq Claudio
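
Added example, not part of the original message and not code from the qmail SPF patch: a minimal Python evaluator for a subset of SPF (ip4, include, all, redirect) run over constructed records. It shows how the terminal `all` qualifier decides whether a forged sender is rejected, and how a lookup budget bounds `include`/`redirect` recursion. The domains, the `ZONE` table and `check_host` are hypothetical; the limit of 10 follows RFC 7208.

```python
import ipaddress

# Constructed TXT records (hypothetical domains); stands in for real DNS lookups.
ZONE = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "soft.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "open.example": "v=spf1 ip4:192.0.2.0/24 +all",   # the "whitelist all" case
    "hosted.example": "v=spf1 include:strict.example -all",
    "alias.example": "v=spf1 redirect=soft.example",
    "loop.example": "v=spf1 include:loop.example -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # limit on DNS-querying terms per check (RFC 7208 section 4.6.4)

def check_host(ip, domain, budget=None):
    """Evaluate a subset of SPF (ip4, include, all, redirect) for a client IP."""
    budget = budget if budget is not None else [MAX_LOOKUPS]
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    redirect = None
    for term in record.split()[1:]:
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        name, _, arg = mech.partition(":")
        if name == "all":
            return RESULT[qualifier]
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif name == "include":
            budget[0] -= 1  # every include costs one lookup, loops included
            if budget[0] < 0:
                return "permerror"
            inner = check_host(ip, arg, budget)
            if inner in ("permerror", "none"):
                return "permerror"
            matched = inner == "pass"  # fail/softfail/neutral mean "no match"
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return RESULT[qualifier]
    if redirect:  # only consulted when no mechanism matched
        budget[0] -= 1
        inner = check_host(ip, redirect, budget) if budget[0] >= 0 else "permerror"
        return "permerror" if inner == "none" else inner
    return "neutral"
```

A receiver would normally reject only on `fail`, so for an unauthorized IP only the `-all` records change the outcome; the `~all` and `+all` records leave the forged mail deliverable.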
