Erik de Castro Lopo <[EMAIL PROTECTED]> writes:
> John Ferlito wrote:
>
>> In my opinion SPF pretty much protects you from one thing, joe-job
>> attacks. ie bounces where someone else has used your domain as the
>> from address.
>
> Bingo. That alone is worth the (very cheap) price of admission.
While I agree with the other parts of this, the price of admission is
low *only* for leaf sites, and then only for sites that have a tightly
controlled user base.
Replacing my email infrastructure, which only services a dozen people,
would cost me somewhere on the order of twelve hours which I cost at
around $1,716 -- before overheads like an outage for the process -- in
order to obtain support for SRS.[1]
For someone larger, like many of my clients, this would actually
increase significantly from there.[2] Migrating a Lotus Notes or
Exchange environment to use SRS is hard(tm).
Regards,
Daniel
Which isn't to say that it wouldn't be worth the cost, just that it
isn't nearly as small as you seem to suggest.
Footnotes:
[1] ...without SRS I would need to modify the server to forbid .forward
style mail forwarding, which would otherwise cause me to send mail
outside compliance with SPF. This would be ... difficult, actually.
[2] In fairness, for others it would be a relatively trivial
modification to deploy SRS. It all depends on their platform, and
how much budget they have for inserting other servers in the
outbound path...
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
