> > I get a lot of E-mail that would fail SPF that is in fact valid. A > > lot of mail scripts and E-commerce sites are set up to send E-mail > > notifications with the Mail From generated from a user submission > > (since one can just simply press reply in order to respond). > > Many e-commerce sites do this type of stuff improperly. They > should use an address from their site as the from with the > reply-to header for where you ar to reply to.
I'd agree. Admittedly that's not how our own sites are set to work right now but I'd change them to confirm to new standards aimed at improving email authenticity and reducing spam. The internet community has to be proactive and cooperative if things are to improve. > > Also, some of my own customers are blocked by their ISP's > from using > > my mail server for SMTP, which means that if I configured > SPF strictly > > for their domains, they would fail this test wherever implemented. > > You could setup port forwarding for the users that are > blocked so their mail goes out your server. So instead of > using port 25 to send mail they could use port 925 for > example. The ISP probably is not blocking this. I'd accept this as an issue, but I'd say this one is down to the client. The client should be advised to choose an ISP who supports pro-active measures for reducing spam and improving email authenticity, or accept the fact that their emails may not be delivered to some companies/ISPs. This would be similar to clients who use ISPs that are black listed for whatever reason, or their own server is open relay, and then whinge when their emails don't get through. Alternatively you could add the IP range of their ISP to their domain records that you host - better than nothing. > > If you opt to use SPF on your system, take advantage of the > weighting > > capabilities of Declude, and I would suggest at most being very > > cautious about how much weight you give it. If a domain is using SPF, and an email is received from an invalid client IP, you should have the option to reject before receiving. However in the case with some of your domains, you'd probably use the neutral or pass all mechanism, allowing others to accept the email but apply a weighting to it. Wouldn't you agree? It's a two way thing, 1) up to the receive to decide how stringent they want to be 2) up to the hostmaster/postmaster to decide what other people should do with emails received from their domain not passing the SPF test. Regards, Lyndon. ************************************************ Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) ************************************************ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
