The page: http://spf.pobox.com/esps.html talks about SenderID instead of
SPF.
I understand that technically SPF and SenderID are practically the same
thing and that now Microsoft has removed patents, making SenderID
acceptable to companies such as AOL who have already announced renewed
support for it.
The time has (finally) come for us to accept that SPF and SenderID were,
are and will be the exact same thing.
<flameproofjacketon/>
Jeremy Pullicino
Software Engineer
-----Original Message-----
From: owner-spf-deployment@v2.listbox.com
[mailto:owner-spf-deployment@v2.listbox.com] On Behalf Of Meng Weng Wong
Sent: Tuesday, October 26, 2004 12:39 AM
To: spf-deployment@v2.listbox.com
Subject: Re: [spf-deployment] Practical guidance for ESP's
On Mon, Oct 25, 2004 at 06:31:40PM -0500, David Crooke wrote:
|
| I hope I haven't started too big of a food fight with my last question
:-)
|
| Here goes with the underlying concern, and I'd be interested in a
| pragmatic, objective answer rather than bleeding edge or one that is
| partisan to one standard or another.....
My web page of advice to ESPs is online at
http://spf.pobox.com/esps.html
I'd be happy to take feedback and make any changes
necessary. I will also address "what should ESPs do" in my
forthcoming whitepaper which will be officially released at
the MAAWG meeting November 2-3: http://www.maawg.org/
| 1. As an ESP (email marketing service provider), serving clients with
a
| wide range of technical skill levels, what should we be doing right
now?
|
| a. Continue to sit tight and wait for the SPF / Sender-ID dust to
settle
| some more**
| b. Attempt to have individual customers roll out individual SPF
records
| for each of their domains, as used in "From:" body headers
| c. Roll out a single SPF record for our bounce handler sending domain,
| as used in the "MAIL FROM:" SMTP command
definitely do this.
| d. Have our email software create an additional "purported responsible
| sender" header and add it to all outbound mail
this is probably a good idea too.
| 2. For option d. above, should we configure these for each client, or
| just use one "convio.net" sender?
either way works.
| Side question: what is the best place to look for
| documentation on how the "sender" address is calculated? I
| understand that the algorithms for SPF-Classic, Caller-ID,
| Sender-ID, SPF 2 all differ subtly.
the specs will make their way online soon. i'll follow up
again when they have a stable URL.
| 3. For whichever of the options is recommended for question 1., which
| DNS record types should we publish:
|
| a. v=spf1
| b. SPF 2.0
| c. "Caller ID style", i.e. _ep.foo.org with XML data
| d. Some combination of the above
(a) only --- all software reading the PRA will read v=spf1.
you can use spf2.0/pra as an override iff the information
for a domain when read in PRA context differs from the
information when read in mail-from context.
i should probably give some examples. but i'm working full
steam on the white paper and i'll all the examples in there :)
| 4. Applying question 1. to "tell a friend about this website"
| functionality, where we are generating email with "From:" addresses
from
| all over the internet, option b. is not applicable ... should we do c.
| or d. or should we even consider not putting the user's address in the
| From: and using within a client's domain?
you can either set Sender: to be yourself, or change the
From: to be yourself and put the user's address in the Reply-To.
-------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
This mail was checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection, threats analysis and anti-virus for
Exchange & SMTP servers. Viruses, Trojans, dangerous
attachments and offensive content are removed automatically.
Key features include: multiple virus engines; email content and
attachment checking; an exploit shield; an HTML threats engine;
a Trojan & Executable Scanner; and more.
In addition to GFI MailSecurity, GFI also produces the
GFI MailEssentials anti-spam software, the GFI FAXmaker
fax server & GFI LANguard network security product ranges.
For more information on our products, please visit
http://www.gfi.com. This disclaimer was sent by
GFI MailEssentials for Exchange/SMTP.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
SPF.
I understand that technically SPF and SenderID are practically the same
thing and that now Microsoft has removed patents, making SenderID
acceptable to companies such as AOL who have already announced renewed
support for it.
The time has (finally) come for us to accept that SPF and SenderID were,
are and will be the exact same thing.
<flameproofjacketon/>
Jeremy Pullicino
Software Engineer
-----Original Message-----
From: owner-spf-deployment@v2.listbox.com
[mailto:owner-spf-deployment@v2.listbox.com] On Behalf Of Meng Weng Wong
Sent: Tuesday, October 26, 2004 12:39 AM
To: spf-deployment@v2.listbox.com
Subject: Re: [spf-deployment] Practical guidance for ESP's
On Mon, Oct 25, 2004 at 06:31:40PM -0500, David Crooke wrote:
|
| I hope I haven't started too big of a food fight with my last question
:-)
|
| Here goes with the underlying concern, and I'd be interested in a
| pragmatic, objective answer rather than bleeding edge or one that is
| partisan to one standard or another.....
My web page of advice to ESPs is online at
http://spf.pobox.com/esps.html
I'd be happy to take feedback and make any changes
necessary. I will also address "what should ESPs do" in my
forthcoming whitepaper which will be officially released at
the MAAWG meeting November 2-3: http://www.maawg.org/
| 1. As an ESP (email marketing service provider), serving clients with
a
| wide range of technical skill levels, what should we be doing right
now?
|
| a. Continue to sit tight and wait for the SPF / Sender-ID dust to
settle
| some more**
| b. Attempt to have individual customers roll out individual SPF
records
| for each of their domains, as used in "From:" body headers
| c. Roll out a single SPF record for our bounce handler sending domain,
| as used in the "MAIL FROM:" SMTP command
definitely do this.
| d. Have our email software create an additional "purported responsible
| sender" header and add it to all outbound mail
this is probably a good idea too.
| 2. For option d. above, should we configure these for each client, or
| just use one "convio.net" sender?
either way works.
| Side question: what is the best place to look for
| documentation on how the "sender" address is calculated? I
| understand that the algorithms for SPF-Classic, Caller-ID,
| Sender-ID, SPF 2 all differ subtly.
the specs will make their way online soon. i'll follow up
again when they have a stable URL.
| 3. For whichever of the options is recommended for question 1., which
| DNS record types should we publish:
|
| a. v=spf1
| b. SPF 2.0
| c. "Caller ID style", i.e. _ep.foo.org with XML data
| d. Some combination of the above
(a) only --- all software reading the PRA will read v=spf1.
you can use spf2.0/pra as an override iff the information
for a domain when read in PRA context differs from the
information when read in mail-from context.
i should probably give some examples. but i'm working full
steam on the white paper and i'll all the examples in there :)
| 4. Applying question 1. to "tell a friend about this website"
| functionality, where we are generating email with "From:" addresses
from
| all over the internet, option b. is not applicable ... should we do c.
| or d. or should we even consider not putting the user's address in the
| From: and using within a client's domain?
you can either set Sender: to be yourself, or change the
From: to be yourself and put the user's address in the Reply-To.
-------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
This mail was checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection, threats analysis and anti-virus for
Exchange & SMTP servers. Viruses, Trojans, dangerous
attachments and offensive content are removed automatically.
Key features include: multiple virus engines; email content and
attachment checking; an exploit shield; an HTML threats engine;
a Trojan & Executable Scanner; and more.
In addition to GFI MailSecurity, GFI also produces the
GFI MailEssentials anti-spam software, the GFI FAXmaker
fax server & GFI LANguard network security product ranges.
For more information on our products, please visit
http://www.gfi.com. This disclaimer was sent by
GFI MailEssentials for Exchange/SMTP.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com