[CentOS] Reject Action For SPF

Thu May 3 22:18:23 UTC 2012
John Hinton <webmaster at ew3d.com>

On 5/3/2012 1:16 PM, Prabhpal S. Mavi wrote:
>> 1. SPF was not designed to be used this way. It is doubtful that anyone
>> has written anything that even remotely considered this option in use.
>> You will likely have to write it yourself.
>> 2. SPF is still in RFC testing, so it is not yet a full internet
>> standard. And once it is, the standard still does not condone using it
>> the way you intend. IOW, there is nothing in the standard that states
>> you must have a SPF record to be a legit email domain. Basically, you'll
>> have a broken mailserver. We are actually stuck with having to take ours
>> off for the moment as one 'service' we use demands sending email from
>> their mailservers using our email address and they still have no SPF
>> record.
>> If you do this, most likely you will not get around 90% of the good
>> email as SPF is not widely used as of yet. But I guess if you are only
>> interested in receiving email from a few 'known' domains... it could
>> work. Seems it would be easier to just blacklist all and whitelist the
>> few? If it is just for internal... perhaps a webmail system with no
>> outside email ability would be the way to go?
> Dear Hilton. J
> Thanks for your advice, I actually know this. What would you say about
> those who put their efforts to implement SPF? Why do they do it?
I have been on the SPF list since before Microsoft just about killed it. 
SPF is perhaps the most misunderstood function in the email world. It is 
not a spam filter. The SPF website will tell you that very early on. It 
is quite simply this. It is to battle domain spoofing. Or, to battle the 
use of a legit domain in a from address sent by a spammer who has no 
rights to use that domain name. It is and always will be voluntary, as 
some domains simply cannot implement it. Their systems are too complex 
and the TXT record in bind won't allow enough characters. There are some 
other good reasons to not use it... or good situations where you are 
forced to not use it. Either way, it is simply a statement to the world 
that email from my domain should be coming from these IP addresses and 
that is all it is. The receiving end can choose what to do with that 
information. There is a gray area between it being called a spam filter 
or not... The SPF folks won't let you call it a spam filter.

It can do a really good job of avoiding finding your mailbox full of 
bounce messages, but that will only be reduced by the number of systems 
which did SPF checks. Ultimately, I think it will be a great thing, much 
like RevDNS is now, but we couldn't really get hard core on RevDNS until 
most of the major providers did. If you can't send email to AOL, 
Comcast, Netscape, Gmail and so on, then why should you be able to send 
to me?

If you are planning to run a legit world facing email server, planning 
to use SPF as you are will make it a very broken system and it will not 
be anywhere near RFC compliant.

John Hinton
> Thanks / Regards
> Prabh S. Mavi

John Hinton
877-777-1407 ext 502
Comprehensive Online Solutions
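
An added example, not part of the original message: a simplified SPF check showing that SPF only yields a result (pass, fail, softfail, none) and the receiver chooses the action, and how a "reject when there is no record" policy turns away domains that simply publish nothing. The sample records, the function names and the reject_on_none switch are assumptions made for this illustration; only the ip4, ip6 and all mechanisms are evaluated.

```python
import ipaddress

# Constructed sample TXT records standing in for DNS lookups (not real data).
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
    "example.org": None,  # domain publishes no SPF record
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, txt=SAMPLE_TXT):
    """Return an SPF result name for client_ip sending as domain.

    Simplification: only ip4, ip6 and all are evaluated; mechanisms that
    need further DNS lookups (a, mx, include, ...) yield "permerror" here.
    """
    terms = (txt.get(domain) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no record: SPF makes no statement either way
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "permerror"
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def receiver_action(result, reject_on_none=False):
    """Receiver-side policy (hypothetical): the result is input, the action is local."""
    if result == "fail" or (result == "none" and reject_on_none):
        return "reject"
    return "accept"


if __name__ == "__main__":
    for dom, addr in [("example.com", "192.0.2.10"), ("example.com", "203.0.113.5"),
                      ("example.net", "203.0.113.5"), ("example.org", "203.0.113.5")]:
        res = check_spf(dom, addr)
        print(dom, addr, res, receiver_action(res), receiver_action(res, True))
```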