 
-----Original Message-----
From: Marc Perkel [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 25, 2006 6:43 PM
To: Michael Scheidell
Cc: Daryl C. W. O'Shea; Spamassassin Users List
Subject: Re: SPF breaks email forwarding

If any of my customers fail to get any email that they are supposed to get then that's not acceptable. It does happen and when it does - I fix it. Several of my customers forward email from other accounts to accounts that pass through my servers. So if I used SPF then I would lose email to these customers.
 
so, don't
the best thing about spf is you need two willing partners.
 
Michael Scheidell wrote:
-----Original Message-----
From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 25, 2006 3:13 PM
To: Spamassassin Users List
Subject: Re: SPF breaks email forwarding



You find me a large scale installation that is actually checking, and 
rejecting on, SPF records before DATA and isn't frequently rejecting 
mail their users want and I'll buy you lunch.
    

You find me a large scale installation that is rejecting SPAM and isn't
frequently rejecting mail their users want and I'll buy dinner.

Let's face it: SMTP is broken, but the fixes are just compromises between
allowing spam, viruses, phishing and email.
Any changes to SMTP will break legitimate email.

You wonder what happens if you enforce all the RFCs on email?
How many large installations use 'localhost.localdomain' as the FQDN for
their outbound helo?
(send an email to [EMAIL PROTECTED] and see the headers!)

How many large installations don't use ANY fqdn for RDNS, and the PTR
and A records don't match?
How many large installations don't have abuse@ or postmaster@ records?

http://www.rfc-ignorant.org/tools/lookup.php?domain=hotmail.com
http://www.rfc-ignorant.org/tools/lookup.php?domain=gmail.com
http://www.rfc-ignorant.org/tools/lookup.php?domain=yahoo.com
(with a bad whois record, can't they lose their yahoo.com domain :-)?

Even if you enforce existing RFCs, you will drop email 'users want'.

For 12 years, people have been arguing about how to fix it.
If someone wants to advertise spf records, and wants to use ?all, or
~all if they are timid, more power to them.

host -t txt microsoft.com
microsoft.com descriptive text "v=spf1 mx include:_spf-a.microsoft.com
include:_spf-b.microsoft.com include:_spf-c.microsoft.com ~all"

host -t txt hotmail.com
hotmail.com descriptive text "v=spf1 include:spf-a.hotmail.com
include:spf-b.hotmail.com include:spf-c.hotmail.com
include:spf-d.hotmail.com ~all"

host -t txt _spf.google.com
_spf.google.com descriptive text "v=spf1 ip4:216.239.56.0/23
ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"

If a bank decides that forwarding email sent to clients is a bad idea,
and wants to publish -all records, that's fine also.

If an ISP wants to trigger additional tests for email that softfails, or
block at smtp session email that hardfails, then all they are doing is
taking the suggestions of the sending domain.

 host -t txt chase.com
chase.com descriptive text "v=spf1 ip4:170.148.48.0/24
ip4:159.53.36.0/24 ip4:159.53.46.0/24 ip4:159.53.110.0/24 -all"
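
Added example, not part of the original messages: a small evaluator for the two ip4-only records quoted above, showing why a forwarded message (which arrives from the forwarder's IP under the original envelope sender) gets "fail" under -all but only "neutral" under ?all. It handles only the ip4 and all mechanisms; the client addresses and the receiver_action mapping are constructed for illustration.

```python
import ipaddress

# Records exactly as quoted in the thread (2006 values, not current DNS).
CHASE = ("v=spf1 ip4:170.148.48.0/24 ip4:159.53.36.0/24 "
         "ip4:159.53.46.0/24 ip4:159.53.110.0/24 -all")
GOOGLE = ("v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 "
          "ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate an SPF record against the connecting IP, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip.version == 4 and ip in ipaddress.ip_network(arg, strict=False)
        else:
            raise NotImplementedError(f"mechanism not handled here: {name}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def receiver_action(result):
    """Receiver policy as described in the thread (hypothetical mapping)."""
    return {"fail": "reject at SMTP", "softfail": "run additional tests"}.get(result, "accept")


# Constructed client addresses: one inside a published range, one forwarder.
DIRECT = "159.53.36.10"
FORWARDER = "192.0.2.25"  # RFC 5737 documentation address

if __name__ == "__main__":
    for label, rec in (("chase.com", CHASE), ("_spf.google.com", GOOGLE)):
        for ip in (DIRECT, FORWARDER):
            r = check_spf(rec, ip)
            print(f"{label:16} {ip:14} {r:9} {receiver_action(r)}")
```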


  
