Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Pàgina inicial
Delete this message
Reply to this message
Autor: David Woodhouse
Data:  
A: Avleen Vig
CC: exim-users
Assumpte: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
On Mon, 2004-03-22 at 00:42 -0800, Avleen Vig wrote:
> That, and someone else needs to adopt it before I'll adopt it.
> I've been the guinea pig enough times and it gets tiring :-)


Well if you _will_ deploy something obviously broken just because it's
fashionable... :)

> While blocking MAIL FROM:<> might not been a good idea always, it IS a
> good idea if you're getting massively joe-jobbed. You just need to
> remember to fix it afterwards to accepting again.


Blocking bounces to certain addresses which never send mail makes sense
-- but not to addresses which do send mail. However, it's trivial to
arrange that your 'real' address never sends mail, so you don't have to
accept bounces to it.

> Similarly, SPF might not be for you. No-one said you have to block mail
> based on SPF. But as a good neighbour I believe you should spend the few
> moments it takes to add a DNS record to help other people.


But there _are_ people who block mail based on SPF. I were to publish
records (other than ?all) that would cause those broken setups to reject
valid mail from my users. As a good administrator I therefore shouldn't
publish SPF records.

Also, publishing records would encourage people to think that SPF is
anything more than a fundamentally broken attempt to solve a specific
problem (sender verification) for which there are better solutions.

Given the brokenness of SPF, I'd be a _bad_ neighbour if I encouraged
people to deploy it, IMHO.

--
dwmw2