Hello Daniel
Daniel Lorch wrote:
The main reason, I guess, for slow SPF adaption is the fear of breaking something. As a hosting-only-provider we were facing the additional problem that many customers are not using our SMTP-server (even though they are advised to do so) but their ISP's. Forcing them to use our SMTP is not an option, so we were looking for a way of implementing SPF without breaking anything.
Another problem will arise if ISPs force their customers to use their own SMTP relay server because they are blocking outbound traffic to tcp/25. So these customers cannot use the SMTP relay server of their domain hosting provider with SMTP Auth (and hopefully TLS) on tcp/25.
A possibility would be to switch to SMTP Auth with SSL over tcp/465.
But anyway, if you are forcing the use of SMTP Auth with SSL/TLS, the customer needs to have the certificate in his mail client or the hosting provider needs to have a certificate which is signed by one of the big CAs. I don't know how well this works with the different mail clients.
My own experience is that most users do not use SSL/TLS for IMAP/POP2/SMTP even if I advise them to do so for security reasons.
I still see too many problems with systems like SPF, too much work for only a little advantage. Because if big domains like gmx or yahoo just put 0.0.0.0/0 in the SPF DNS entry it is just useless.
bye Fabian
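An added example, not part of the original message: an offline audit of how much of the IPv4 space an SPF record authorizes, which makes the 0.0.0.0/0 case raised above measurable. The function name `audit_spf`, the /8 warning threshold and the sample records are assumptions; first-match ordering against earlier non-pass terms is ignored, so the fraction is an upper bound.

```python
import ipaddress

QUALIFIERS = "+-~?"  # pass (default), fail, softfail, neutral


def audit_spf(record):
    """Return (fraction_of_ipv4_authorized, findings) for one SPF TXT record.

    Only ip4 and all are evaluated; include, a, mx, redirect and similar
    terms need DNS lookups and are reported as not evaluated.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    passed, findings = [], []
    for raw in terms[1:]:
        qualifier, term = ("+", raw)
        if raw[0] in QUALIFIERS:
            qualifier, term = raw[0], raw[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            if qualifier == "+":
                findings.append("+all: every sender passes")
                passed.append(ipaddress.ip_network("0.0.0.0/0"))
            break  # terms after "all" are never evaluated
        if name == "ip4":
            net = ipaddress.ip_network(value, strict=False)
            if qualifier == "+":
                passed.append(net)
                if net.prefixlen < 8:  # assumed threshold for "too broad"
                    findings.append(
                        f"ip4:{net} authorizes {net.num_addresses} addresses")
        else:
            findings.append(f"{term}: not evaluated offline")
    # Merge overlapping ranges so no address is counted twice.
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(passed))
    return covered / 2**32, findings


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    for rec in ("v=spf1 ip4:0.0.0.0/0 -all",
                "v=spf1 ip4:192.0.2.0/24 ip4:192.0.2.128/25 -all",
                "v=spf1 include:_spf.example.net ~all"):
        fraction, notes = audit_spf(rec)
        print(f"{fraction:.10f}  {rec}  {notes}")
```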
