Charles Gregory wrote:
Proposal: "Personal SPF" - A DNS-based lookup system to allow individual
senders of e-mail to publish a *personal* SPF record within the context
of their domain's SPF records, that would identify an IP or range of
IPs which they would be 'stating' are the only possible sources of their
mail.

The only other possible work-around for this is to enforce a 'hard' SPF
and establish 'pop before SMTP' or 'SMTP auth' protocols, then spam our
membership informing them that use of our server is mandatory. But that
would cause problems, because we don't really know *who* is using third
party servers, and too many of them wouldn't read the notice... :(

Why do you think it would be easier to get those of your users that send
through other servers to publish a personal SPF record with correct
information about the external IP address of the outgoing relay they use
than it would be to get them to use SMTP auth with your servers?

How many users have any idea at all about the external IPs of their ISP's
mail relays?

How many of the users who do have a good idea about the external IPs of
their ISP's mail relays have no idea how to tell their mail client to
send using authenticated SMTP with your servers?

I might just be confused, but to me it seems that your solution requires
more from your users, not less.

And, even if (big, big if) the big mail receivers (Yahoo, Google, big
ISPs, etc) do eventually support your personal SPF, it'll take years
until it becomes effective.

Regards
/Jonas

But if we had a 'personal' system, then for as many members as we reach
(who pay attention to notices), we could let them 'opt-in' to a voluntary "I
only send my mail from here" type of system, and then that would at
least provide *some* address protection/confirmation.

Do they all have static IP addresses or do you simply allow users from
dynamic addresses to send mail directly?

As noted above, we can control our (dynamic) dialups, but not third
party usage. So effectively, anyone, anywhere, can use an hwcn.org
return address. This is something I'd really like to limit to legitimate
users without enforcing use of our mail server only (though I realize this
may be the best long term solution for us).

Of course, my suggestion also hinges on whether there are a sufficient
number of other systems out there in a similar 'position' as us, who
would also benefit from this 'next level' of SPF verification...

- Charles

--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/