Author: Edgar Lovecraft Date: To: exim-users Subject: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
Fred Viles wrote:
>
> | Fred Viles wrote:
> | >
> | > | Hi Edgar, on Sun, 21 Mar 2004 20:43:55 -0600 you wrote:
> | > |
> | > | > Here is another of my naive 'fixes' for these things...
> | > |
> <snip>
> | > | > start forcing ALL email they accept to have 'rDNS == IP A ==
> | > | > HELO name',
> |...
> | > I can only assume that you guys have never tried this on a business
> | > or public (ISP) server. The false positive rate is *way* too high
> | > for this test to be practical for blocking or quarantining.
> |...
> | I keep track of such information at an ISP level as an ISP, that is
> | about all as you are correct, I cannot 'put this into full effect' as
> | of now.
>
> So you *know* what you are advocating is impractical.

What I advocate is no more impractical than those that advocate SPF.
Also, what I advocate is really nothing more than what SPF advocates for
SPF implementation (they really really really strongly suggest this as well).
>
> | But just because I cannot do so currently, does not mean that I should
> | not advocate that it should be used.
>
> I disagree. Advocating that admins set up what you view as proper
> rDNS would be fine, but you are advocating that admins set up a system
> you know perfectly well will block a lot of legitimate mail. That is not
> ethical IMO.

Go back over my postings. I have said that this 'should be implemented first
by those that will force a change', and I also am very prudent in always
stating that if this is used currently as a 'deny' you will lose email
both good and bad. I DO WARN, so how is this unethical? Is it somehow
more unethical than those that advocate SpamAssassin, or SPF?
>
> | And, I said in several other posts, MY user base is too small to force
> | this change, however, if several of the large ISPs (AOL, MSN,
> | Comcast?) do this, people WILL follow.
>
> You have a small user base, and cannot afford the collateral damage.
> Yet you want services with millions of users to adopt it. What do you
> think would be the impact on MSN if they started to block a substantial
> amount of legitimate mail from reaching their subscribers?
> How can you imagine they could do such a thing, when even you cannot?

Because, just as I currently do, AOL, MSN, and others can encourage the
'rDNS == DNS A == HELO name' by giving 'preferred' service to those MTAs
that are 'correct' in this manner, and delay in various ways the
connection to those that do not. Then after some time (6 months? 1 year?)
move to the "we gave you plenty o' warning, comply or we deny" stage. This
is the same approach they are already taking with SPF, is it not?
Connection information such as DNS PTR records, HELO/EHLO strings, and the
like are very useful for information, but currently it is 'bad' practice to
outright deny on that information; again, this is where things such as
'preferred service' come into play.
Like I said before, 'I keep track of such information at an ISP level as an
ISP, that is about all'. Notice the 'about all'; I did not say I do not use
the information for useful purposes.
Lastly, there is nothing wrong in a 'staged' approach, but we have to start
somewhere to get things 'back to the standards' for email compliance to
message header/body formats, content, etc., and with a few minor additions,
such as 'rDNS == DNS A == HELO name'.
You can also try to 'deny' every 'malformed' message that does not comply
with the RFCs on message header/body formats, but there again, there are
too many broken MUAs currently to make this a 'good' thing (MS OE and
Outlook are the big ones).
So if we all just wait around and do not advocate change, then we will just
have the same problems we do now till when? Forever?
So again, how is my approach any more unethical than SPF or other types of
changes when done in a stair-step way?
Otherwise, let's all toss our hands in the air and just give up ;)
--
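The 'rDNS == DNS A == HELO name' test and the 'preferred service, delay the rest' staging that the reply describes, written out as an added example. This is not code from the thread and not Exim's own ACL logic: DNS is a constructed in-memory table behind a resolver function so it runs offline, and the stage names and the 30-second delay are assumptions rather than values from the post. It also handles the cases an implementer would hit that the post does not spell out: a missing PTR, a HELO given as an address literal, and case or trailing-dot differences in names.

```python
"""Three-way 'rDNS == DNS A == HELO name' consistency check plus a staged policy.

Added example for this thread: not code from the post or from Exim.  DNS is a
constructed in-memory table (resolver function) so the check runs offline;
the delay length and the stage names are assumptions, not values from the post.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed DNS data for hypothetical hosts (documentation-only addresses).
PTR_TABLE: Dict[str, List[str]] = {
    "192.0.2.10": ["mail.example.org."],            # PTR -> A -> IP all agree
    "192.0.2.20": ["mail.example.net."],            # A of the PTR name is elsewhere
    "192.0.2.30": ["cpe-192-0-2-30.isp.example."],  # generic rDNS; HELO will differ
    # 192.0.2.40 deliberately has no PTR record
}
A_TABLE: Dict[str, List[str]] = {
    "mail.example.org.": ["192.0.2.10"],
    "mail.example.net.": ["198.51.100.5"],
    "cpe-192-0-2-30.isp.example.": ["192.0.2.30"],
}

# A resolver takes (query, record_type) and returns answers; [] means no data.
Resolver = Callable[[str, str], List[str]]


def canonical(name: str) -> str:
    """Lower-case and add the trailing dot so comparisons are case/dot insensitive."""
    return name.strip().lower().rstrip(".") + "."


def table_resolver(query: str, rtype: str) -> List[str]:
    """Offline stand-in for DNS.  For PTR the query is the bare IP (a real
    resolver would query the in-addr.arpa name); for A it is a hostname."""
    if rtype == "PTR":
        return PTR_TABLE.get(query, [])
    if rtype == "A":
        return A_TABLE.get(canonical(query), [])
    return []


@dataclass
class HeloVerdict:
    consistent: bool
    reason: str
    ptr_names: List[str]


def check_helo(ip: str, helo: str, resolve: Resolver = table_resolver) -> HeloVerdict:
    """Return whether PTR(ip) names the HELO host and A(HELO) maps back to ip."""
    helo = helo.strip()
    # An address literal like [192.0.2.10] is RFC-legal but names no host,
    # so it can never satisfy a name-based three-way check.
    if helo.startswith("[") and helo.endswith("]"):
        return HeloVerdict(False, "HELO is an address literal, not a hostname", [])
    ptr_names = [canonical(n) for n in resolve(ip, "PTR")]
    if not ptr_names:
        return HeloVerdict(False, "no PTR record for connecting IP", [])
    helo_name = canonical(helo)
    # Step 1: the name the client claims must be one of the PTR names.
    if helo_name not in ptr_names:
        return HeloVerdict(False, "HELO name does not match rDNS name", ptr_names)
    # Step 2: the claimed name must resolve forward to the connecting IP;
    # otherwise whoever controls the PTR zone could claim any hostname.
    if ip not in resolve(helo_name, "A"):
        return HeloVerdict(False, "forward lookup of HELO name does not include the IP", ptr_names)
    return HeloVerdict(True, "rDNS, A record and HELO name all agree", ptr_names)


# Assumed stage names and delay; the post only describes the staging idea.
DELAY_SECONDS = 30


def policy(verdict: HeloVerdict, stage: str = "preferred") -> Tuple[str, int]:
    """Map a verdict to (action, delay_seconds) for the chosen rollout stage.

    'preferred': consistent hosts get immediate service, others are slowed down.
    'enforce':   the later 'comply or we deny' stage.
    """
    if verdict.consistent:
        return ("accept", 0)
    if stage == "preferred":
        return ("delay", DELAY_SECONDS)
    if stage == "enforce":
        return ("deny", 0)
    raise ValueError(f"unknown stage: {stage}")


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "MAIL.example.org"), ("192.0.2.20", "mail.example.net"),
                     ("192.0.2.30", "mail.example.com"), ("192.0.2.40", "mail.example.org"),
                     ("192.0.2.10", "[192.0.2.10]")]:
        v = check_helo(ip, helo)
        print(f"{ip:12} HELO {helo:18} -> {policy(v)} ({v.reason})")
```

The forward-lookup step is what makes the test meaningful: a PTR alone is set by whoever controls the reverse zone for the address, so matching HELO against the PTR name without confirming that the name resolves back to the same IP would accept any name that zone owner chose to publish. Keeping the verdict and the policy separate is what lets the 'preferred' and 'enforce' stages share one check while only the action changes.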