Autor: David Woodhouse Data: A: Avleen Vig CC: exim-users Assumpte: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
On Mon, 2004-03-22 at 00:42 -0800, Avleen Vig wrote: > That, and someone else needs to adopt it before I'll adopt it.
> I've been the guinea pig enough times and it gets tiring :-)
Well if you _will_ deploy something obviously broken just because it's
fashionable... :)
> While blocking MAIL FROM:<> might not been a good idea always, it IS a
> good idea if you're getting massively joe-jobbed. You just need to
> remember to fix it afterwards to accepting again.
Blocking bounces to certain addresses which never send mail makes sense
-- but not to addresses which do send mail. However, it's trivial to
arrange that your 'real' address never sends mail, so you don't have to
accept bounces to it.
> Similarly, SPF might not be for you. No-one said you have to block mail
> based on SPF. But as a good neighbour I believe you should spend the few
> moments it takes to add a DNS record to help other people.
But there _are_ people who block mail based on SPF. I were to publish
records (other than ?all) that would cause those broken setups to reject
valid mail from my users. As a good administrator I therefore shouldn't
publish SPF records.
Also, publishing records would encourage people to think that SPF is
anything more than a fundamentally broken attempt to solve a specific
problem (sender verification) for which there are better solutions.
Given the brokenness of SPF, I'd be a _bad_ neighbour if I encouraged
people to deploy it, IMHO.