* Implemented blacklisting. * Clarified current recommendations and added content to the page. * Removed redirect for Microsoft Internet Explorer users and converted the page to HTML 4.01 Strict.
Still http://www.chaosreigns.com/mtx/ I think the only thing left to do is to switch from send() to bgsend() for speed. Hopefully this weekend. I would obviously appreciate testing. How much has SpamAssassin broken backward compatibility for plugins since version 3.2.5? On 02/11, Matus UHLAR - fantomas wrote: > Imho, SPF does NOT break forwarding. It only causes the broken forwarding to > be rejected. If I forward your mail to other address from my No argument here. I encourage you to fix it. > So you define the IP 64.71.152.40 as OK when sending mail from > @panic.chaosreigns.com. address. > > so it's the exactly same as > > panic.chaosreigns.com. IN SPF "v=spf1 a:64.71.152.40 -all" No. MTX defines 64.71.152.40 as a legitimate transmitting mail server, regardless of the domain in the envelope from, From: header, etc.. Popular misconception, it seems. > > I'll define it slightly differently: > > 127.0.0.1 is a pass (negative SA score). > > not found is a fail (positive SA score). > > what means "not found"? $ host -t a fish.chaosreigns.com Host fish.chaosreigns.com not found: 3(NXDOMAIN) ^^^^^^^^^ Undefined. > "66.3.168.195.mtx.panic.chaosreigns.com not found" would mean I'm not > allowed to mail from "panic.chaosreigns.com" address? It would mean mail from that IP should get penalized. > Or will my server be allowed to mail from your domain? Because SPF above Yes. > defines this mail to be rejected and nonexistance of the mtx record would do > the same, even it it's your forwarded e-mail. No, as I clarified earlier. > So, since you don't believe SPF to be widely adopted, you expect your way to > be adopted? And all admins must adopt that? Even if they did not adopt > SPF/DKIM for a few years they exist? No, I would say SPF has been pretty widely adopted. But I believe SPF has not been *more* widely adopted due to the forwarding problem. So I created an alternative to eliminate that problem. So yes, I think it might get more widely adopted. Of course I can't expect anything. DKIM also has problems which MTX doesn't have. I mentioned the ones I'm aware of in the recently added Comparisons section of the MTX page. (Replay, content modification, CPU overhead, complexity.) > the correct question is "hwo is this better?". Creating not better system is > useless. Have I answered this sufficiently? > > <IP of mail server>.mtx.<hostname of mail server> > > > > (And the IP needs to be reversed as in all other A records that list IPs.) > > that's what I call complicated. SPF designs the same by using much easier > way, using existing A/MX/PTR records, CIDR ranges, including other SPF > records... I find it bizarre that you can think MTX is more complicated than SPF. On 02/12, Matus UHLAR - fantomas wrote: > On 11.02.10 16:34, dar...@chaosreigns.com wrote: > > I am not suggesting that anyone block anything based on MTX at this time. > > you have been doing that, afaics. Communication failure on my part, I apologize. I hope I have made the web page clearer. My hope is that long term, all mail will be blocked when there is no MTX record. That would obviously be foolish in the short term. I *am* currently causing a very small number of false positives by increasing SpamAssassin score by 2 for any email without an MTX record. As you can imagine, this blocks more spam. Also, the senders of those false positives get notified without sending backscatter. This configuration is currently listed under "Aggressive Testing" on my site. > Read my last mail in this thread where I've asked you how exactly you > imagine the MTX not to "break" forwarding. I'm sorry I missed it earlier. I stopped looking for subjects with "SPF" after I posted one with "MTX". I thought that thread died. Thank you for mentioning it. -- "For every battle there is a price to pay. Now pick up your teeth and go home." - no fear http://www.ChaosReigns.com
