Tom McDonald wrote:
We should try and get some perspective here. Blogware *was* given authorization to send mail as "From: [EMAIL PROTECTED]" as this is controlled within your own blogware account settings which *you* manage: Settings-->Article Notifications
Who gave authorization? There are a number of different "me"s in play here, who could easily be different people in a larger shop, or outside of the testing phase.
There is "me the mail server admin", and I publish my opinion by SPF -- I haven't given any such authorization. I'm using ~all instead of -all for the moment, but that will likely change over the next few weeks, especially once AOL starts refusing SPF:fail mail (which is targetted for the end of the summer, if anyone hasn't heard)
There is "me the OpenSRS reseller", who doesn't have the authority to give Blogware permission to use one of my customers' email addresses.
There is "me the customer", who has not entered an email address into Blogware anywhere or enabled any sort of email features.
If the "me the OpenSRS reseller" made a typo on the email address, the "me the customer" could end up sending from *your* email address without even realizing it.
--- NOTE: --------------------------------------------- A) You do not have to allow for article notifications... this is a knob. B) You get to control which address is used for the outbound email. ---- End Note ------------------------------------------
If you enforce SPF with your spam filters, one would typically think that you would be careful with what services or locations you use when mail can be sent as "From: you". Granted, you may not have looked across the entire area of settings or known what every bit means.
I hadn't yet (when I wrote the message), and I'll bet that 95% of my customers never will. I started out with the basic features, posting to the blog, customizing themes, things that just about everybody will do. I went from there to submitting by email, and subscribing to the blog, since I could see both of those being used frequently by my target market (more on that later)
Most of my customers smart enough to understand the ramifications of enabling email options, or to understand what SPF is and does will probably know how to download any of the dozens of PHP blog scripts on the net and run their own personal blog on their existing webspace, or on a friend's webspace, for free. I know, because I have most of them bookmarked, and I've paid attention to the styles, layouts, and commonly used features ever since I heard about Blogware. In other words, I don't see technically minded customers as a target market for this product.
The target market I see for this isn't "blogging" in what I see as it's most common usage right now, meaning a teenager writing about why his/her life sucks.
Rather, in my customer base I see this being marketed to bulletins/updates, almost like mini-newsletters, allowing for feedback (Similar to Ross' blog). The key is that it's a content publishing system when any PHB can manage, and anyone who can write email can figure out how to publish on a blog (even if only by sending email to the blog, and having someone else handle the set up on their behalf).
I have a church that is already running a blog for the minister, and for each of the groups (youth group, seniours group, unattached singles group, "boring mature people with no lives"* group, and whatever else they've dreamed up). I don't host that portion of the site right now, but I may look at moving them over to blogware in the near future.
* "boring mature people with no lives" is self described, not my description. It's a 50+ dating group, as I recall :)
In this context, expecting "them" (the customer) to do anything other then type their text is probably asking too much. The defaults should be set in such a way that they'll work for everybody in the least painful method possible.
My suggestion would be to do something like a default address of [EMAIL PROTECTED] which would either forward replies to the owner, or show up in the blogware interface somewhere. This would also give Blogware the ability to handle bounces so that Blogware doesn't keep hammering on a dead address forever if the owner doesn't do anything about bounces.
Better yet, bloghostname-<timestamp>@blogs.blogware.com where the address would only be good for a week, after which it would be automatically dumped.
But your "blast" was harsh enough for one to assume that since you expect so much from the developers and are ready to hammer on them, you might have done some homework first.
It might make sense for blogware to allow for you to choose an "@blogware.com" account for your source email and it is something that should be considered, no doubt. A [civil] note to this end would start the ball rolling as much as a judgmental one though civility is so much easier on the ego.
Yes, in fairness I did overreact, and for that I apologize.
Dave, I've been on this list for a long time and I generally love your contributions. In this case it seems to me that you slammed folks for not following your [email filtering methodology] faith and that is out of character for you.
Yes it was, and I apolgize to OpenSRS' staff. That was written after about 36 hours without sleep (which is normal for me, although I usually am smart enough to save mail and send it after rereading it when I'm fully awake), much of it being spent cleaning up after +/- two hundred thousand bounce messages hit my servers (Which only average 20,000 messages/day normally), so mail spoofing (in this case, a spammer working through proxies) is a touchy spot with me at the moment.
While that doesn't excuse me making a public ass of myself, hopefully it helps to explain my... ahhh... passion in this area.
Hopefully I didn't snip anything too important, but this message is long enough as is.
--
The nice thing about standards, there is enough for everyone to have their own.
