Roger B.A. Klorese <[EMAIL PROTECTED]> wrote:
> Julian Mehnle wrote:
> > But it *could* be.  You can set the following SPF record for
> > workdomain.com (if Earthlink has their own SPF set up correctly):
> > [...]
> 
> So my employer has to determine which networks I'm allowed to roam
> onto?!

See it this way: the domain owner has to determine which networks the domain users are 
allowed to send mail from.  It's not always about employer/employee.  In fact, most of
the time it will be ISP/customer.

> So when I travel on business, I should call the hotel a day or two ahead
> of time to ask who their service provider is and what their SMTP servers
> are, so I can ask the work NOC to add it as a valid sender?!

This is a good objection, agreed.  But YASAF doesn't really avoid this.  With YASAF, 
as an employee you may be better off because your employer entrusted you with his 
domain private key, but as an ISP customer, you can't send mail from "we're blocking 
port 25" hotels either.

> > Yahoo's scheme has the advantage that the owner of workdomain.com
> > doesn't have to open his domain to forgery from other domains (like
> > in the example above).  But as soon as a user @workdomain.com is
> > forced to send through a 3rd party SMTP relay (like in the example
> > above), either the user or that 3rd party would need access to the
> > workdomain.com private key to properly sign the sent messages.
> 
> Of course.  But it makes lots more sense for employees of workdomain.com
> to have access to its private key than it does for servers of
> randomroamprovider.net to. 

Of course.  But consider not employer/employee, but ISP/customer.  I'm 100% dead sure 
that less than 1% of ISPs will give their domain private keys away to their customers.

Additionally, any employer giving his domain private key(s) to his employees will have
to generate new keys each time any (previously) trusted employee leaves the company.

> > So essentially, the difference in this regard between SPF and the
> > Yahoo scheme is that with SPF, the 3rd party must be trusted, while
> > with the Yahoo scheme, the 3rd party OR the user @workdomain.com must
> > be trusted.  I.e., with SPF, trust cannot be delegated to the user.
> 
> No, but you seem to trivialize the amount of work and the impractical
> and unreasonable policy involved in that difference.

Strangely, I think you're overemphasizing the difference. ;-)



_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
