Autor: Edgar Lovecraft Fecha: A: exim-users Asunto: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
Avleen Vig wrote: >
> On Sun, Mar 21, 2004 at 11:40:05PM +0000, David Woodhouse wrote:
> > You were asked not just to give an example of something which SPF
> > stops, but something which SPF stops but the alternatives do _not_
> > stop. This was to support your claim that SPF offers 'FAR more' than
> > the alternatives which serve to verify the sender, remember?
>
> No I said it offered far more that JUST verifying that the user who send
> the mail was a legitimate member of said domain. That 'far more' is
> verifying the authenticity of the relay machine.
>
> There might be other solutions out there, I don't know of any which are
> becoming as popular as SPF.
> --
Here is another of my nieve 'fixes' for these things...
qoute: That 'far more' is verifying the authenticity of the relay machine.
How about this for 'verifying the authenticity of the relay machine':
Have the Large/Major ISP's/Companies/Education systems/etc. start forcing
ALL email they accept to have 'rDNS == IP A == HELO name', again, this
does not 'fix' the problem, but it would force proper connection
information from the connecting hosts, this is already STRONGLY SUGGESTED
in the current RFC's and does not require major confiquration changes or
'global compliance' to make it work, it does however force any small/medium
sized business or entity who are the largest group in the non-compliance
area of proper SMTP setup for 'valid?' email any way, to fix thier setups.
This does far more than SPF can do when 'verifying the authenticity' of a
remote system, and it does not break email forwarding.
This is not perfect either, but would go 'far further' than SPF, be less
complicated, and help to 'fix' the broken valid MTA's that are out there.