Mailing List Archive

----- Original Message -----
From: "Otto Willum Nielsen" <nielsen@awtoc.net>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 4:36 AM
Subject: Re: [spf-help] Domain registration


> Hi the Chinese are blocking port 587 so now what to do ?
>
> Regards
>
> Otto

What, at their routers to the satellite feeds or trans-atlantic cables?

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

> an email sent from a iib.ws email account through
> smtp.mail.yahoo.com using the yahoo authentication was
> rejected by the problem domain
>
> Why does it work for virgin and not for us or is this
> configured so it does not get all the big ISP's miffed
>

Presumably because iib.ws has an SPF record ("v=spf1 ip4:81.27.96.0/20
-all"), and virgin.net doesn't.

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Actually if you read that last one then you would have seen that it was the
result of a test to check out how wide reaching the rejections were in
relation to the first question posed - the results were

an email sent from a virgin.net email account through smtp.mail.yahoo.com
using the yahoo authentication went srraight through to the problem domain

an email sent from a iib.ws email account through smtp.mail.yahoo.com using
the yahoo authentication was rejected by the problem domain

Why does it work for virgin and not for us or is this configured so it does
not get all the big ISP's miffed

we do not have a SPF record configure as far as i know at this time and if
we do it was set up by someone with absolutely no authority to do so - how
can I check this out to ensure that no such record exists

Regards
Peter

----- Original Message -----
From: "Koen Martens" <spf@metro.cx>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 12:27 PM
Subject: Re: [spf-help] Domain registration


> Listen,
>
> As I understand it, your original question was:
>
> "How do I go about registering where the following conditions are true
> email users connect in via their own isp and as a large number of ISP's
> worldwide are currently blocking SMTP traffic to any but their own mail
> servers
> they have to send mail on this domain through other ISP's mailservers
> which
> means that mail from this domain can come through any ISP's mailserver
> even
> though the primary mail server does exist and most of our users go
> through that
> one "
>
>
> If you want people to be able to send mail from your domain through
> whatever smtp server just don't publish spf or publish +all. The
> consequence: people you don't know will use your domain to send out spam
> or whatever too. That's the consequence.
>
> If you want to control who sends out mail pretending to be from your
> domain, you will have to limit the number of ways in which mail from
> that domain can be sent and publish spf on the domain stating the
> limited number of options.
>
> One way to do this is to include all the isp's the users of the domain
> use, and have them send through the isp's servers. This has a couple of
> drawbacks: any of the other customers of those isp's can also send from
> the domain and it is impossible to keep track of all isps's used for
> 500+ domains.
>
> Another solution is to get a centralized mail injection point, eg. an
> SMTP-AUTH server, so that you only have to list that one server. Problem
> with that apparently is that some ISP's block every port including port
> 80 (what good is such an isp anyway?), so that your clients can not
> submit mail. Other options are: set up webmail, use a remailing service,
> etc..
>
> Why do ISP's block port 25? They don't want to be held responsible for
> spam/virusses from their customers zombied machines. Ok, so why do
> domain owners publish spf records? Because they don't want to be held
> responsible for spam/virusses from their domains. Does the ISP care
> about the domain owners? No. They just want to protect their reputation,
> and therefore block port 25, and that's that.
>
> So the choice is basically: keep allowing the flexibility of everyone
> sending mail pretending to be from your domains or protect your domains
> with spf and sacrifice the anyone-can-send-from-anywhere freedom that
> made spam so great.
>
>
> Now for your last reply, about it all getting silly. You there pose a
> question that has nothing to do with the original question. First of
> all, what is 'this all'. Could you clarify your question. If you want
> straight answers, ask straight questions.
>
> Koen
>
> On Wed, Sep 15, 2004 at 11:57:46AM +0100, Peter Winning wrote:
> > This is all getting very silly - why can't we get a straight answer to
"why
> > does this not interfere with traffic from a major ISP going through
another
> > ISP's SMTP server and yet it blocks our domain when going through the
same
> > route" and how can this be set up but don't tell us that they have all
> > registered with SPF because I do not beleive that for a second
> >
> > ----- Original Message -----
> > From: "Otto Willum Nielsen" <nielsen@awtoc.net>
> > To: <spf-help@v2.listbox.com>
> > Sent: Wednesday, September 15, 2004 9:36 AM
> > Subject: Re: [spf-help] Domain registration
> >
> >
> > > Hi the Chinese are blocking port 587 so now what to do ?
> > >
> > > Regards
> > >
> > > Otto
> > >
> > > Peter Winning wrote:
> > >
> > > >They are using SMTP authentication but some of the ISP's still dont
let
> > it
> > > >through - they are blocking all external SMTP traffic
> > > >
> > > >and as an example when sending through a yahoo mail server via a NTL
> > email
> > > >account the message went straight through to the recipients
mailserver
> > who
> > > >is "protected" by SPF yet on my domains account using the same route
it
> > got
> > > >blocked - try it and see - there is no need to mess around your users
as
> > the
> > > >system to handle this is obviously in place
> > > >
> > > >So what i am asking is how did they do that because that is how i
would
> > need
> > > >this to function
> > > >
> > > >Regards
> > > >Peter
> > > >
> > > >----- Original Message -----
> > > >From: "Nico Kadel-Garcia" <nkadel@merl.com>
> > > >To: <spf-help@v2.listbox.com>
> > > >Sent: Wednesday, September 15, 2004 1:29 AM
> > > >Subject: Re: [spf-help] Domain registration
> > > >
> > > >
> > > >
> > > >
> > > >>----- Original Message -----
> > > >>From: "Peter Winning" <peter@iib.ws>
> > > >>To: <spf-help@v2.listbox.com>
> > > >>Sent: Tuesday, September 14, 2004 1:55 PM
> > > >>Subject: Re: [spf-help] Domain registration
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>>I agree - and it is nearly impossible to ask 2000+ users 30% of
which
> > > >>>
> > > >>>
> > > >are
> > > >
> > > >
> > > >>IT
> > > >>
> > > >>
> > > >>>Challenged to change their port settings - most of them would think
i
> > > >>>
> > > >>>
> > > >was
> > > >
> > > >
> > > >>>talking about their drinking habits
> > > >>>Most of all why is this system going directly against established
best
> > > >>>practices amongs ISP's
> > > >>>
> > > >>>Regards
> > > >>>Peter
> > > >>>
> > > >>>
> > > >>Umm, using port 587 means using "SMTP-AUTH", which is a fairly
standard
> > > >>setting in most modern email clients. It's a common and vastly
preferred
> > > >>
> > > >>
> > > >way
> > > >
> > > >
> > > >>to allow clients to relay their mail through your server in a
wide-open
> > > >>environment.
> > > >>
> > > >>-------
> > > >>Archives at http://archives.listbox.com/spf-help/current/
> > > >>Donate! http://spf.pobox.com/donations.html
> > > >>To unsubscribe, change your address, or temporarily deactivate your
> > > >>
> > > >>
> > > >subscription,
> > > >
> > > >
> > > >>please go to
> > > >>
> > > >>
> > > >http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> > > >
> > > >
> > > >>
> > > >>
> > > >
> > > >
> > > >-------
> > > >Archives at http://archives.listbox.com/spf-help/current/
> > > >Donate! http://spf.pobox.com/donations.html
> > > >To unsubscribe, change your address, or temporarily deactivate your
> > subscription,
> > > >please go to
> > http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > > -------
> > > Archives at http://archives.listbox.com/spf-help/current/
> > > Donate! http://spf.pobox.com/donations.html
> > > To unsubscribe, change your address, or temporarily deactivate your
> > subscription,
> > > please go to
> > http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> > >
> >
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your
subscription,
> > please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> --
> K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> Networking, embedded systems, unix expertise, artificial intelligence.
> Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> Wondering about the funny attachment your mail program
> can't read? Visit http://www.openpgp.org/
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
subscription,
> please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hican yo tell me what to do if the ISP block 587 ? Here in China port
587 is blocked, but 25 & 26 is not blocked, but when I send mail out
using 26 it does not go straight to my server it shows the ISP IP, now
that brings me back to the start.

Regards
Otto

Peter Winning wrote:

>Thank you - I can hardly beleive someone set this up without checking with
>me first - they are going to regret that little decision
>
>Regards
>Peter
>----- Original Message -----
>From: "Mark" <spf@ms.cx>
>To: <spf-help@v2.listbox.com>
>Sent: Wednesday, September 15, 2004 4:53 PM
>Subject: RE: [spf-help] Domain registration
>
>
>
>
>>>an email sent from a iib.ws email account through
>>>smtp.mail.yahoo.com using the yahoo authentication was
>>>rejected by the problem domain
>>>
>>>Why does it work for virgin and not for us or is this
>>>configured so it does not get all the big ISP's miffed
>>>
>>>
>>>
>>Presumably because iib.ws has an SPF record ("v=spf1 ip4:81.27.96.0/20
>>-all"), and virgin.net doesn't.
>>
>>-------
>>Archives at http://archives.listbox.com/spf-help/current/
>>Donate! http://spf.pobox.com/donations.html
>>To unsubscribe, change your address, or temporarily deactivate your
>>
>>
>subscription,
>
>
>>please go to
>>
>>
>http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
>>
>>
>
>
>-------
>Archives at http://archives.listbox.com/spf-help/current/
>Donate! http://spf.pobox.com/donations.html
>To unsubscribe, change your address, or temporarily deactivate your subscription,
>please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
>
>
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Thank you - I can hardly beleive someone set this up without checking with
me first - they are going to regret that little decision

Regards
Peter
----- Original Message -----
From: "Mark" <spf@ms.cx>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 4:53 PM
Subject: RE: [spf-help] Domain registration


> > an email sent from a iib.ws email account through
> > smtp.mail.yahoo.com using the yahoo authentication was
> > rejected by the problem domain
> >
> > Why does it work for virgin and not for us or is this
> > configured so it does not get all the big ISP's miffed
> >
>
> Presumably because iib.ws has an SPF record ("v=spf1 ip4:81.27.96.0/20
> -all"), and virgin.net doesn't.
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
subscription,
> please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

----- Original Message -----
From: "Peter Winning" <peter@iib.ws>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 00:59
Subject: Re: [spf-help] Domain registration


> They are using SMTP authentication but some of the ISP's still dont let it
> through - they are blocking all external SMTP traffic

There's a point at which you have to ask yourself "is this ISP worth it?" I
can fully understand blocking port 25 outgoing traffic. If they start
blocking SMTP Auth traffic on port 587, then at that point they're making it
very damn hard to get along with them.

>
> and as an example when sending through a yahoo mail server via a NTL email
> account the message went straight through to the recipients mailserver who
> is "protected" by SPF yet on my domains account using the same route it
got
> blocked - try it and see - there is no need to mess around your users as
the
> system to handle this is obviously in place
>
> So what i am asking is how did they do that because that is how i would
need
> this to function

The only possibility I can think of off the top is that they are rewriting
the envelope to make it all look like it's coming from the Yahoo account,
which, if I understand SPF at all, means that things should go through fine.
Have you checked the headers?

--
A. Clausen
techlists@alberni.net

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

----- Original Message -----
From: "Otto Willum Nielsen" <nielsen@awtoc.net>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 01:36
Subject: Re: [spf-help] Domain registration


> Hi the Chinese are blocking port 587 so now what to do ?
>
> Regards

Well, if some folks are going to put up roadblocks that huge, then you got
me. Clearly any ISP that isn't going to accomodate a standard like using
port 587 for non-MTA mail traffic is screwing with their customers. The
only possibility I can think of at this point is for someone to set up a
mail server that can rewrite the headers. Is this the Chinese government?
Are they trying to force email traffic through domestic servers?

--
A. Clausen
techlists@alberni.net

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Oh yes that is the reason, all mail traffic must pass domestic servers
in China , and that brings us back to the start, how can SPF then help
here ? We could configure our servers to use a port which is not
blocked, but then Cpanel would most properly overwrite it when it
updates it self.

Regards
Otto

A. Clausen wrote:

>----- Original Message -----
>From: "Otto Willum Nielsen" <nielsen@awtoc.net>
>To: <spf-help@v2.listbox.com>
>Sent: Wednesday, September 15, 2004 01:36
>Subject: Re: [spf-help] Domain registration
>
>
>
>
>>Hi the Chinese are blocking port 587 so now what to do ?
>>
>>Regards
>>
>>
>
>Well, if some folks are going to put up roadblocks that huge, then you got
>me. Clearly any ISP that isn't going to accomodate a standard like using
>port 587 for non-MTA mail traffic is screwing with their customers. The
>only possibility I can think of at this point is for someone to set up a
>mail server that can rewrite the headers. Is this the Chinese government?
>Are they trying to force email traffic through domestic servers?
>
>
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Otto Willum Nielsen
> Sent: Thursday, September 16, 2004 1:24 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Domain registration
>
>
> Oh yes that is the reason, all mail traffic must pass domestic servers
> in China , and that brings us back to the start, how can SPF then help
> here ? We could configure our servers to use a port which is not
> blocked, but then Cpanel would most properly overwrite it when it
> updates it self.
>
> Regards
> Otto
>
Then you are down to a few choices....

If the problem is getting out of China, then can you consolidate your users
in China down to using one or a few mail servers? If you can, you can add
those servers to your SPF record, but unless you have administrative control
over the servers or you are confident that they don't allow cross customer
forgery (very unlikely, so if you are sure, assume they do) then you don't
want to give an SPF pass to those servers. If you put a ? in front of the
mechanism for the server(s), e.g. ?a:smtp.chinaisp.com, that will give a
neutral result. Netural is to be treated like no SPF. What this does is
allow messages from those servers not to be treated as forgeries.

If you cannot consolidate your users, then you could use the exists
mechanism and a custome DNS server to implement per user policies. This is
complex, but within the scope of what SPF can do. Pobox.com is
experimenting with per user policies as they have a similar sort of problem.
Here is a reference to their efforts in the spf-discuss archives (you may
have to subscribe to spf-discuss and log in to get this):

http://archives.listbox.com/spf-discuss@v2.listbox.com/200406/1014.html

If you are interested in per users policies, I would recommend joining
spf-discuss and bringing up your situation there.

Scott Kitterman

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

This topic of this thread seems to have been completely lost, but I thought
I might have some useful input.
I have recently had to deal with this issue and it seems that it was pretty
easy to determine the proper course of action.
A major ISP in my city is also the local telco company, so they have quite a
number of clients.
Further to that, probably at least half of my customers are accessing the
internet through this ISP.
Most of these customers have a registered domain name which I host the mail
for using mail.theirdomain.tld

The ISP started blocking all traffic on port 25 for any server except their
own mail server: smtp.isp.net for example.
But what I found in communication with their tech-support was that as long
as the customer was indeed dialed up to them (or connected via PPP-OE), then
they were allowed to relay through smtp.isp.net without any SMTP-AUTH or
checking of any kind (from what I can tell).

So the solution seems simple, something like: "v=spf1 a mx
include:smtp.isp.net -all", no?

Rick.


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Rick Keating
> Sent: Thursday, September 16, 2004 12:52 PM
> To: spf-help@v2.listbox.com
> Subject: RE: [spf-help] Domain registration
>
> This topic of this thread seems to have been completely lost, but
> I thought
> I might have some useful input.
> I have recently had to deal with this issue and it seems that it
> was pretty
> easy to determine the proper course of action.
> A major ISP in my city is also the local telco company, so they
> have quite a
> number of clients.
> Further to that, probably at least half of my customers are accessing the
> internet through this ISP.
> Most of these customers have a registered domain name which I
> host the mail
> for using mail.theirdomain.tld
>
> The ISP started blocking all traffic on port 25 for any server
> except their
> own mail server: smtp.isp.net for example.
> But what I found in communication with their tech-support was that as long
> as the customer was indeed dialed up to them (or connected via
> PPP-OE), then
> they were allowed to relay through smtp.isp.net without any SMTP-AUTH or
> checking of any kind (from what I can tell).
>
> So the solution seems simple, something like: "v=spf1 a mx
> include:smtp.isp.net -all", no?
>
> Rick.
>
This works (and I use something similar) when the bulk of the users are
using one ISP. I would, however, suggest that if isp.net is allowing
SMTP-AUTHed users to send with arbitrary return-path: and from: (almost all
do), then you would be better off to modify your example to be:

"v=spf1 a mx ?include:smtp.isp.net -all"

So that mail sent through their servers gets a NEUTRAL rather than PASS
respsonse.

If you don't, any user of isp.net can easily forge your domain. It comes
down to a question of how much you trust isp.net's customers.

Also, this will only work if isp.net publishes an SPF record. If there is
no SPF record for them, then this will return an error if the earlier
mechanisms don't match. It will never return a FAIL.

I believe (but could be mistaken) that the original poster has users
scattered among a large number of ISPs and so adding an include: for all of
them would result in a very large record (possibly to big) and potentially
open their domain up for abuse. That's why I suggested looking in to per
users policies.

Scott Kitterman

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Tue, 2004-09-14 at 20:57, Philip Moose wrote:
> HI,
>
> What do we do when port 587 becomes blocked for the same reason(s) as port
> 25 is being blocked?
>

There is no reason to block 587 - it is a mail submission port (i.e.
user client -> mail server) rather than a mail transfer port (mail
server -> mail server). The reason for blocking port 25 is because it is
used both by users and mail servers, and there is no (easy) way to
discriminate.

> Do we just keep switching to unused ports, one after another?

No. 587 is an acknowledged standard port.

>
> I don't see how end users are going to put up with this mess. They just
> want to send their email and they don't what to have to mess around
> switching ports because Microsoft or another big guy descides they aren't
> going to use port 587 any longer.

Not going to happen.

>
> There has to be a better way!
>


This is the better way. Use 587 to submit mail *to* a mail server. Use
port 25 for mail servers to transfer mail. Require authentication of
port 587 (your users should be your users).

Blane.


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Port 587 is totally blocked in China, but port 25 & 26 is working, so
now what ?



Blane Bramble wrote:

>On Tue, 2004-09-14 at 20:57, Philip Moose wrote:
>
>
>>HI,
>>
>>What do we do when port 587 becomes blocked for the same reason(s) as port
>>25 is being blocked?
>>
>>
>>
>
>There is no reason to block 587 - it is a mail submission port (i.e.
>user client -> mail server) rather than a mail transfer port (mail
>server -> mail server). The reason for blocking port 25 is because it is
>used both by users and mail servers, and there is no (easy) way to
>discriminate.
>
>
>
>>Do we just keep switching to unused ports, one after another?
>>
>>
>
>No. 587 is an acknowledged standard port.
>
>
>
>>I don't see how end users are going to put up with this mess. They just
>>want to send their email and they don't what to have to mess around
>>switching ports because Microsoft or another big guy descides they aren't
>>going to use port 587 any longer.
>>
>>
>
>Not going to happen.
>
>
>
>>There has to be a better way!
>>
>>
>>
>
>
>This is the better way. Use 587 to submit mail *to* a mail server. Use
>port 25 for mail servers to transfer mail. Require authentication of
>port 587 (your users should be your users).
>
>Blane.
>
>
>-------
>Archives at http://archives.listbox.com/spf-help/current/
>Donate! http://spf.pobox.com/donations.html
>To unsubscribe, change your address, or temporarily deactivate your subscription,
>please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
>
>
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Use port 25 (or 26), how more obvious can it get?

On Fri, Sep 17, 2004 at 07:25:40PM +0800, Otto Willum Nielsen wrote:
> Port 587 is totally blocked in China, but port 25 & 26 is working, so
> now what ?

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

I know, but then we are not archiving anything with SPF as each users
would have to either use their ISP's and then you would have to
configure more than such accounts in SPF and that is not practical, then
when a user changes ISP then what ?
In China the system can not help as all e-mail traffic are routed via
domestic servers.

Regards
Otto W Nielsen

Koen Martens wrote:

>Use port 25 (or 26), how more obvious can it get?
>
>On Fri, Sep 17, 2004 at 07:25:40PM +0800, Otto Willum Nielsen wrote:
>
>
>>Port 587 is totally blocked in China, but port 25 & 26 is working, so
>>now what ?
>>
>>
>
>
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

----- Original Message -----
From: "Otto Willum Nielsen" <nielsen@awtoc.net>
To: <spf-help@v2.listbox.com>
Sent: Friday, September 17, 2004 7:25 AM
Subject: Re: [spf-help] Domain registration


> Port 587 is totally blocked in China, but port 25 & 26 is working, so
> now what ?

You're trying to get around political censorship and avoid spam blocking and
permit people to send their email as if they were on domains elsewhere to
keep their headers consistent with their business.

The phrase to describe this includes the words "rock" and "hard place", and
it's usually dealt with by using an HTTPS based webmail server on your home
or business network.

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com