[CentOS] Reject Action For SPF
John Hinton
webmaster at ew3d.com
Thu May 3 22:18:23 UTC 2012
On 5/3/2012 1:16 PM, Prabhpal S. Mavi wrote:
>> 1. SPF was not designed to be used this way. It is doubtful that anyone
>> has written anything that even remotely considered this option in use.
>> You will likely have to write it yourself.
>>
>> 2. SPF is still in RFC testing, so it is not yet a full internet
>> standard. And once it is, the standard still does not condone using it
>> the way you intend. IOW, there is nothing in the standard that states
>> you must have a SPF record to be a legit email domain. Basically, you'll
>> have a broken mailserver. We are actually stuck with having to take ours
>> off for the moment as one 'service' we use demands sending email from
>> their mailservers using our email address and they still have no SPF
>> record.
>>
>> If you do this, most likely you will not get around 90% of the good
>> email as SPF is not widely used as of yet. But I guess if you are only
>> interested in receiving email from a few 'known' domains... it could
>> work. Seems it would be easier to just blacklist all and whitelist the
>> few? If it is just for internal... perhaps a webmail system with no
>> outside email ability would be the way to go?
> Dear Hilton. J
>
> Thanks for your advice, i actually know this. what would you say about
> those who put there efforts to implement SPF. why they do it?
I have been on the SPF list since before Microsoft just about killed it.
SPF is perhaps the most misunderstood function in the email world. It is
not a spam filter. The SPF website will tell you that very early on. It
is quite simply this. It is to battle domain spoofing. Or, to battle the
use of a legit domain in a from address sent by a spammer woh has no
rights to use that domain name. It is and always will be voluntary, as
some domains simply cannot implement it. Their systems are too complex
and the TXT record in bind won't allow enough characters. There are some
other good reasons to not use it... or good situations where you are
forced to not use it. Either way, it is simply a statement to the world
that email from my domain should be coming from these IP addresses and
that is all it is. The receiving end can choose what to do with that
information. There is a gray area between it being called a spam filter
or not... The SPF folks won't let you call it a spam filter.
It can do a really good job of avoiding finding your mailbox full of
bounce messages, but that will only be reduced by the number of systems
which did SPF checks. Ultimately, I think it will be a great thing, much
like RevDNS is now, but we couldn't really get hard core on RevDNS until
most of the major providers did. If you can't send email to AOL,
Comcast, Netscape, Gmail and so on, then why should you be able to send
to me?
If you are planning to run a legit world facing email server, planning
to use SPF as you are will make it a very broken system and it will not
be anywhere near RFC compliant.
Best,
John Hinton
>
> Thanks / Regards
> Prabh S. Mavi
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
--
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions
More information about the CentOS
mailing list