On Thu, 24 Jun 2004 09:19:41 -0400, Mark Bucciarelli <[EMAIL PROTECTED]> wrote: > Q: Do all hotmail accounts have Caller-ID records? >
(Sorry about the broken replying in my last message) It's not about hotmail *accounts*, it's either hotmail.com has published SPF/Caller-ID records or not. I can't check from where I am now, but try: # host -t MX hotmail.com Also, try: # host -t MX gmail.com The last time I checked, hotmail didn't have any TXT records anymore, either Caller-ID nor SPF. I am almost sure it had published Caller-ID records before. In the other hand, Gmail has a "-all" SPF record, which is nice for us mail admins, who could block fake @gmail.com - like those @yahoo, @msn, @hotmail that come all the time. They are usually blocked by some other methods, but some pass. I disagree with Craig Sanders. I understand that "their users have legitimate needs to send mail using their address from any arbitrary location, which is exactly what SPF works to prevent.", but that's why there is "~all" and other partial, graylisting options. And the *hope* is mail servers that doesn't use SASL authentication to do so. I think SPF can help a lot, because phishing and spamming are very related. One can be fooled to read a mail from "[EMAIL PROTECTED]" just because he thinks it is legitimate. This happens all the time. (it could be hotmail.com or any other domain) Btw, a very important feature I use in some implementations is that the mail server will not accept mail from its own domains if the user is not authenticated, even if the final destination is a valid user. I've noticed a lot of spam comes with a MAIL FROM (or From, I'm not sure) faked to the 'domain.tld' part of the smtp server greeting. This seems to work for me in most scenarios (all my users already have to authenticate using SASL, anyway). What are your thoughts? A small contribution: For those who are still in doubt, the idea of SPF is: one can only send mails with a @gmail.com sender address from those servers specified by SPF records in the gmail.com TXT domain record. If you want to send e-mail from somewhere else, you must ideally authenticate to gmail's SMTP server (SASL is the keyword here). If you send e-mail from somewhere else, my server will block you, since it has an SPF checker (postfix's spf policyd). This is been a very informative discussion. Thanks! -- Yves Junqueira www.lynx.com.br -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
