On Mon, 4 May 2009, Jonas Eckerman wrote:
Why do you think it would be easier to get those of your users that send through other servers to publish a personal SPF record with correct information about the external IP address of the outgoing relay they use than it would be to get them to use SMTP auth with your servers?

Strictly speaking, getting them to use it consistently and properly will be MORE difficult, but unlike SMTP auth, there is nothing I need enforce on all users at once, and the default condition is a 'neutral' result. PSPF=NONE. Anyone who doesn't get the e-mail notice (or ignores it) will continue as usual. Naturally, this means that the effectiveness of the query will be less at first. :)

How many users have any idea at all about the external IPs of their ISPs' mail relays?

(nod) That would be one of the technical hurdles of this. Each ISP would need a published PSPF Server record identifying all *possible* outbound mail servers that any connected client could use, and then someone setting up their PSPF would use a 'lookup' function to get that information, and paste it into the opt-in form for the host serving their domain name.

How many of the users who do have a good idea about the external IPs of their ISPs' mail relays have no idea how to tell their mail client to send using authenticated SMTP with your servers?

Presumably the burden of instruction will fall on ME. But again, those instructions need to be *read*. So the default condition for someone who ignores those settings would be to have their address treated as PSPF:None.

I might just be confused, but to me it seems that your solution requires more from your users, not less.

Yes, it requires a bit more. But for that effort, we also get a mechanism that when queried will serve the purpose of "SMTP callback", without the expensive SMTP transactions (and DDOS possibilities).

And, even if (big, big if) the big mail receivers (Yahoo, Google, big ISPs, etc) do eventually support your personal SPF, it'll take years until it becomes effective.

(nod) And, as I asked at the beginning of this thread, we would have to decide if there is a sufficiently large proportion of addresses not already covered by standard SPF that would benefit from this idea, and whether the 'extra' hits on DNS (and caching) would be too heavy.
I'm not too sure of this idea myself, but its simple ideal has benefits, so I figure it's worth tossing around.... :)

- Charles
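
The opt-in behaviour discussed in this message, sketched as an added example that is not code from the thread or from any PSPF implementation. The thread defines no record format, so the in-memory store, the names `PspfStore`, `opt_in` and `check`, the result strings and the sample ISP data are all assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
# Hypothetical ISP-published lists of every outbound relay a customer could use.
ISP_RELAYS = {
    "isp-a.example": ["192.0.2.0/28", "2001:db8:25::/64"],
    "isp-b.example": ["198.51.100.25/32"],
}


class PspfStore:
    """Per-address opt-in records kept by the host serving the domain."""

    def __init__(self):
        self._records = {}  # address -> list of permitted networks

    def opt_in(self, address, isp):
        """The 'lookup and paste' step: copy the ISP's relay list into the record."""
        nets = [ipaddress.ip_network(n) for n in ISP_RELAYS[isp]]
        # Lower-casing the whole address is a simplification for this sketch.
        self._records.setdefault(address.lower(), []).extend(nets)

    def check(self, address, client_ip):
        """Return 'none' if the address never opted in, otherwise 'pass' or 'fail'."""
        nets = self._records.get(address.lower())
        if nets is None:
            return "none"  # default condition: mail is handled as it is today
        ip = ipaddress.ip_address(client_ip)
        # An IPv4 address is never "in" an IPv6 network (and vice versa).
        return "pass" if any(ip in net for net in nets) else "fail"


def demo():
    """Evaluate a few constructed senders against one opted-in address."""
    store = PspfStore()
    store.opt_in("alice@example.org", "isp-a.example")
    return {
        "opted in, ISP relay (v4)": store.check("alice@example.org", "192.0.2.5"),
        "opted in, ISP relay (v6)": store.check("alice@example.org", "2001:db8:25::1"),
        "opted in, unknown relay": store.check("alice@example.org", "203.0.113.9"),
        "never opted in": store.check("bob@example.org", "203.0.113.9"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
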
