--On Thursday, August 5, 2004 11:37 AM -0700 [EMAIL PROTECTED] wrote:
Joseph Brennan wrote:We published SPF a month ago for columbia.edu and found a handful of systems in Europe rejecting mail with it! We changed it to ~all in an attempt to tell those guys it's not required yet.
So... someone was sending mail as From: columbia.edu To: someone in Europe Received-By: a server not listed in your SPF record
but you still wanted it to go through? What was it?
One was from our user on a Verizon dialup where he was required to send through Verizon's smtp server. He reported port 587 was blocked so he could not do smtp auth to our server. This has not been confirmed.
One was from an IP on campus but not routed through our smtp server. Solution is to use our server or send with their own subdomain in the sender address. They chose the latter.
Since this is still a proposed standard we had not publicized its impact to our user community. MSN-Hotmail is proposing to use it for scoring, which sounds reasonable. I was surprised anyone would use it to reject especially at this time.
What is recommended for things like "send this page to a friend", where the initiator wants to be able to have a remote machine send on his behalf despite an SPF to the contrary? MAIL FROM: <> From:? From: <> Sender:? From: <> Reply-To:?
The SPF advocates say all such systems must use an envelope sender with their own domain in it. The header From: can still show what human sent it. While this sounds like the right thing to do, I wonder how fast it can really be implemented and what pain will be caused in the meantime.
Joseph Brennan Academic Technologies Group, Academic Information Systems (AcIS) Columbia University in the City of New York
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
