>On Mon, Aug 26, 2013 at 8:44 AM, Matus UHLAR - fantomas ><[email protected]>wrote: >> At my former job (an ISP), I recommended users to use SMTP service from >> they >> e-mail providers, because >> - if someone gets paid for mail service, they should provide SMTP too and >> not leave the expense from spam and phish issues onto us >> - it's not possible to verify the sender when we do not have the mailboxes, >> so we can not authenticate and verify the mail address >> - the same applies about SPF and DKIM, only the mailbox provider can be >> responsible for them.
On 26.08.13 10:00, Jan Ingvoldstad wrote: >That's interesting, several external mail service providers recommend the >exact opposite, at least for stationary clients (home computers etc.). Of course (some) mail service providers prefer this way. Who would want to solve problems with outgoing spam if they can leave them on the ISPs? >So while you, as an ISP, may not necessarily have been able to verify >senders, you had the effective means to deal with spammers and other, >criminal activity. The ISPs usually get informed about such activities even when customers use other mail providers. And since the world is full of free wi-fi's, roaming users, hacked computers with SMTP redirects, botnets, I don't see why an ISP would want to do that instead of someone who gets paid for the mail service? profiding SMTP Servibce means risking to get blacklisted and get your mail rejected, why should an ISP want that for roaming users? Yes, I have noticed an ISP who refuses to do external SMTP Authentication, although according to my experience more problems come out of unauthenticated SMTP. >Ideally, there would be decent mechanisms in place, but there are not, and >things like SPF and DKIM regrettably do not matter at all in anti-spam >measures – lots of the spam I see at work pass SPF and DKIM validation. Again a misunderstanding of what do SPF and DKIM provide. They are here to avoid mail forgery, not the spam. Yes, much of the spam is forged but it's still a complete different thing. And if you want to avoid forgery, you must usually authenticate at the entity who has your mailbox, not at your ISP. -- Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
