Matthias Keller wrote:
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our
outgoing email be channeled through our ISP's mail server, instead
of having our customer-assigned IP addresses directly connect to
other people's mail servers?
And forcing users to use their ISP's mail server efficively defeats SPF
How so?
I'm assuming a home business owner owns and uses their own domain and
has the ability to set up SPF records for that domain. If you are
routing your outbound mail via your ISP's MTAs, just grab your ISP's
SPF record and use it for your domain. If your ISP is doing SPF checks
you might need to talk to their MTA via SMTP AUTH to bypass that test.
a) an average user has no knowledge of SPF and cannot setup such a
record correctly
Average users don't have a clue about security, so this is a non-point
because they are unaware that they themselves are helping the spam problem.
b) most providers (at least around here) dont allow users to freely
modify their dns zones
True, what stops those who know what they are doing from registering
outside the ISP? I found this to be much more cost effective. Run your
own DNS servers. The average user won't do this. They will be content
with using what the ISP have given them (5 email addresses, 100MB of
storage for example.)
c) users using laptops might be using many different providers - the one
at home, the one in the office, one on the road, an occasional wlan one
- you just cant include all these provider's MTAs that you might ever be
using
True, however, there is still VPN for these sorts of things. I don't
think I would trust another provider's MTA to deliver content sensitive
mail. You can never know if the other person got it because you are not
directly in control.
I agree for (some) businesses this might be doable as long as their guys
aren't travelling or home working too much but it's impossible for
privately owned domains or when the users use their emails from all
their private ISPs at home
Matt
Just for those who don't have the know how or the man power.
--
Thanks,
James
