--On 3 April 2006 13:22:16 +0100 David Woodhouse <[EMAIL PROTECTED]>
wrote:
On Mon, 2006-04-03 at 13:14 +0100, Ian Eiloart wrote:
True, but I'd hope that those institutions have proper controls. In our
case we'd be able to track a student abusing the network, and we're very
soon going to firewall all but our official servers, so that they can't
send mail out on port 25.
By those arguments it would be acceptable just to whitelist all mail
from hosts where the reverse DNS matches *.ac.uk (assuming the forward
DNS confirms it, of course).
Well, I suppose that's the logical conclusion. So, why do I want to use SPF
records? I guess it's because I know that *our* entire IP range isn't
entirely trustworthy-though spam leakage is rare. The SPF mechanism allows
me to say which of my servers are trustworthy.
Also, the presence of SPF records is evidence that an institution has
thought about which IP addresses are trustworthy.
Just depends how permissive you want your whitelist to be, I suppose.
Yep. In fact, I'd probably want to list specific domains to trust, and that
list might not include all .ac.uk domains.
--
dwmw2
--
Ian Eiloart
IT Services, University of Sussex
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
