Listen,
As I understand it, your original question was:
"How do I go about registering where the following conditions are true
email users connect in via their own isp and as a large number of ISP's
worldwide are currently blocking SMTP traffic to any but their own mail
servers
they have to send mail on this domain through other ISP's mailservers
which
means that mail from this domain can come through any ISP's mailserver
even
though the primary mail server does exist and most of our users go
through that
one "
If you want people to be able to send mail from your domain through
whatever smtp server just don't publish spf or publish +all. The
consequence: people you don't know will use your domain to send out spam
or whatever too. That's the consequence.
If you want to control who sends out mail pretending to be from your
domain, you will have to limit the number of ways in which mail from
that domain can be sent and publish spf on the domain stating the
limited number of options.
One way to do this is to include all the isp's the users of the domain
use, and have them send through the isp's servers. This has a couple of
drawbacks: any of the other customers of those isp's can also send from
the domain and it is impossible to keep track of all isps's used for
500+ domains.
Another solution is to get a centralized mail injection point, eg. an
SMTP-AUTH server, so that you only have to list that one server. Problem
with that apparently is that some ISP's block every port including port
80 (what good is such an isp anyway?), so that your clients can not
submit mail. Other options are: set up webmail, use a remailing service,
etc..
Why do ISP's block port 25? They don't want to be held responsible for
spam/virusses from their customers zombied machines. Ok, so why do
domain owners publish spf records? Because they don't want to be held
responsible for spam/virusses from their domains. Does the ISP care
about the domain owners? No. They just want to protect their reputation,
and therefore block port 25, and that's that.
So the choice is basically: keep allowing the flexibility of everyone
sending mail pretending to be from your domains or protect your domains
with spf and sacrifice the anyone-can-send-from-anywhere freedom that
made spam so great.
Now for your last reply, about it all getting silly. You there pose a
question that has nothing to do with the original question. First of
all, what is 'this all'. Could you clarify your question. If you want
straight answers, ask straight questions.
Koen
On Wed, Sep 15, 2004 at 11:57:46AM +0100, Peter Winning wrote:
> This is all getting very silly - why can't we get a straight answer to "why
> does this not interfere with traffic from a major ISP going through another
> ISP's SMTP server and yet it blocks our domain when going through the same
> route" and how can this be set up but don't tell us that they have all
> registered with SPF because I do not beleive that for a second
>
> ----- Original Message -----
> From: "Otto Willum Nielsen" <nielsen@awtoc.net>
> To: <spf-help@v2.listbox.com>
> Sent: Wednesday, September 15, 2004 9:36 AM
> Subject: Re: [spf-help] Domain registration
>
>
> > Hi the Chinese are blocking port 587 so now what to do ?
> >
> > Regards
> >
> > Otto
> >
> > Peter Winning wrote:
> >
> > >They are using SMTP authentication but some of the ISP's still dont let
> it
> > >through - they are blocking all external SMTP traffic
> > >
> > >and as an example when sending through a yahoo mail server via a NTL
> email
> > >account the message went straight through to the recipients mailserver
> who
> > >is "protected" by SPF yet on my domains account using the same route it
> got
> > >blocked - try it and see - there is no need to mess around your users as
> the
> > >system to handle this is obviously in place
> > >
> > >So what i am asking is how did they do that because that is how i would
> need
> > >this to function
> > >
> > >Regards
> > >Peter
> > >
> > >----- Original Message -----
> > >From: "Nico Kadel-Garcia" <nkadel@merl.com>
> > >To: <spf-help@v2.listbox.com>
> > >Sent: Wednesday, September 15, 2004 1:29 AM
> > >Subject: Re: [spf-help] Domain registration
> > >
> > >
> > >
> > >
> > >>----- Original Message -----
> > >>From: "Peter Winning" <peter@iib.ws>
> > >>To: <spf-help@v2.listbox.com>
> > >>Sent: Tuesday, September 14, 2004 1:55 PM
> > >>Subject: Re: [spf-help] Domain registration
> > >>
> > >>
> > >>
> > >>
> > >>>I agree - and it is nearly impossible to ask 2000+ users 30% of which
> > >>>
> > >>>
> > >are
> > >
> > >
> > >>IT
> > >>
> > >>
> > >>>Challenged to change their port settings - most of them would think i
> > >>>
> > >>>
> > >was
> > >
> > >
> > >>>talking about their drinking habits
> > >>>Most of all why is this system going directly against established best
> > >>>practices amongs ISP's
> > >>>
> > >>>Regards
> > >>>Peter
> > >>>
> > >>>
> > >>Umm, using port 587 means using "SMTP-AUTH", which is a fairly standard
> > >>setting in most modern email clients. It's a common and vastly preferred
> > >>
> > >>
> > >way
> > >
> > >
> > >>to allow clients to relay their mail through your server in a wide-open
> > >>environment.
> > >>
> > >>-------
> > >>Archives at http://archives.listbox.com/spf-help/current/
> > >>Donate! http://spf.pobox.com/donations.html
> > >>To unsubscribe, change your address, or temporarily deactivate your
> > >>
> > >>
> > >subscription,
> > >
> > >
> > >>please go to
> > >>
> > >>
> > >http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> > >
> > >
> > >>
> > >>
> > >
> > >
> > >-------
> > >Archives at http://archives.listbox.com/spf-help/current/
> > >Donate! http://spf.pobox.com/donations.html
> > >To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> > >please go to
> http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> > >
> > >
> > >
> > >
> > >
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> > please go to
> http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> >
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
--
K.F.J. Martens, Sonologic,
http://www.sonologic.nl/ Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key:
http://www.metro.cx/pubkey-gmc.asc Wondering about the funny attachment your mail program
can't read? Visit
http://www.openpgp.org/ -------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com