On 25-Jun-06, at 7:01 PM, Jim Hermann - UUN Hostmaster wrote:
Personally, nowadays I believe bouncing messages back to
the alleged
sender
That's not what he's asking. He wants to know whether asking ISPs to
implement SPF checks (where they don't yet check SPF) will work.
I'm not convinced that is what he meant but he wasn't clear about it
so I wont argue with you on that point.
There are at least two ISPs involved:
Spammer A => SMTP Server B => Recipient Server C => (Bounce) =>
Forged Email
Server D
As the Email Server D, I was asking about complaining to SMTP
Server B,
since Spammer A was probably an authenticated user.
Well, you know how I feel about this. I only came to my opinion on it
through my own attempts at trying to reach ISPs who I thought I could
educate. Those attempts grew old after a while and I moved on and
accepted that fact that there were just too many to try and reach.
I already use SPF HARDFAIL, so I could ALSO complain to Recipient
Server C
about NOT using SPF to reject the email from SMTP Server B.
Yeah, I checked the TXT records on the domain you were mailing from
and noticed that. I thought you meant other domains you administered
but were not yet set to HARDFAIL.
Here I think there's a chance of educating some people about SPF who
may not otherwise be aware of the tech or are not yet convinced of
the benefits. Your approach with regard to the subject with the ISP
in question will determine whether you can convince them to implement
SPF or not. An angry message complaining about the bounced email will
probably not work as well as a message that tries to educate them
about the benefits of SPF.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
T: 416-247-7740
F: 416-247-7503
