Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Tim Jackson
Data:  
Para: exim-users
Assunto: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
Hi Fred, on Mon, 22 Mar 2004 09:10:00 -0800 you wrote:

[ about 'rDNS == IP A == HELO ]

> I can only assume that you guys have never tried this on a business
> or public (ISP) server. The false positive rate is *way* too high
> for this test to be practical for blocking or quarrantining.


I think you're missing the point. Yes, it's impractical in most
environments at present, and achieving practicality seems very distant. No
more distant, however, than getting the entire world to munge their
forwarding mechanisms so that SPF works to an equivalent level of
practicability.

(to stop this already OT thread going round in circles, I shall reiterate:
yes, they're not doing the same thing, but I moderately strongly believe
that a similar end result, or at least a significantly beneficial one,
could potentially be achieved)

[ and pulling in another mail from the same author/thread... ]

> What do you think would be the impact on MSN if they started to block a
> substantial amount of legitimate mail from reaching their
> subscribers?


Going fully into pragmatic mode, I'll tell you what would happen.

For a few days, $LARGE_PROVIDER would reject ridiculous amounts of mail.
Some people (probably the ones who whinge lots about spam whilst
simultaneously calling themselves "system admins" because they can click a
few buttons on some crap commercial mail software) would get stressed,
complain that the world was falling in, and shout expletives at anyone
around.

After sulking for a bit, they would then find out how to fix their
mailservers, and/or (perhaps most likely) find workarounds (such as
relaying through their ISP).

> How can you imagine they could do such a thing, when even you can not?


I am really seeing mine & Edgar's points going flying straight over your
head here. The point is that doing it on a small scale hurts yourself, but
is unlikely to persuade significant amounts of the rest of the world to
change. However, if implemented (especially at the same time) by just a
small number of very large providers, the rest of the world WOULD change,
because rightly or wrongly, and again being very pragmatic, a lot of
people will set "can I send mail to hotmail/AOL" as a benchmark as to
whether they have configured their systems well enough.

(Again: I don't like the power that these providers have, because they
could equally well force any bad solution they fancy on the rest of us,
but in this case they could at least put some of their power to good use)

Yes, some mail would get rejected for a short period of time, from people
with badly-configured systems. But very shortly after, the benefits would
vastly outweigh that small "blip". (Again, remembering that these sort of
things always seem worse at the time - life goes on though).

Tim