David Woodhouse wrote:
> On Fri, 2004-04-23 at 20:01 -0700, Marc Perkel wrote:
>
>>OK - Trying to grasp the SPF concept.
>>
>>I do email hosting for a variety of domains, but I'm not an ISP. My
>>users are unsophisticated and spread out - often mobile.
>>
>>Some tunnel back to my server to send email from "the source" but most
>>use their local ISP for outgoing SMTP service.
>>
>>So - is this SPF for me? Can I use this to "bless" those who originate
>>from specific IPs without penalizing those who roam?
>
>
> You could publish an SPF record which ends in '?all'. It's essentially
> then a whitelist which says mail from your own servers is definitely OK,
> and from anywhere else is unknown. People could perhaps use that to
> avoid sender verification callouts for mail coming directly from your
> own machines.
>
> Personally, I wouldn't bother. If SPF is only ever going to be used with
> '?all' then it's fairly pointless, and if it's used with '-all' then
> it's just broken. I prefer not to lend it legitimacy by publishing
> records.
SPF records with tailing ?all after some +xxx entries may be useful
anyway e.g.
* MTA may use greylisting (refuse first delivery with 4?? error) for
?xxx entries but not +xxx entries
* MTA may do "in session" AS and AV check for ?xxx entries but "after
SMTP session" checks for +xxx entries [it may reduce requirements for
MTA "horse power"]
Both above suggestion would greatly benefit from "SPF credibility list"
- a service with credibility assessments of SPF recods of particular
domains (overall credibility and +xxx entries credibility): mail/spam
and bad_sender/all_messages.
>[...]
--
Andrzej [en:Andrew] Adam Filip anfi@??? anfi@???
http://anfi.homeunix.net/ http://slashdot.org/~anfi
