Terrel Shumway wrote:
> It sounds to me like the customer needs to upgrade the
> client software. If they want to go to the trouble of
> setting up SPF, downloading a new email program should
> be trivial by comparison.
Depends, if their ISP has a sender policy, they can just
include it into their policy. If the ISP has no policy,
and the customers have no clue what their iSP really does
(e.g. mailouts behind the MSA), then yes, that could be
difficult.
But you never say "upgrade your software" to a customer,
you offer a link to a piece of software acting as smtpd
to the old MUA, and as 2476 client to the real MSA. Of
course it's harder than changing the MUA, but that's not
your problem... ;-)
> Bending over backwards to accommodate outdated software
> is only going to introduce opportunities to compromise
> the security of the system.
SMTP-after-POP is IMHO not necessarily bad, if MAIL FROM
and IP must match the last successful POP3 login. But if
really old software doesn't allow to use port 587, then
it's probably _too_ old.
The case where the proud owner of "my.site.example" wants
to use MAIL FROM:<webmaster@my.site.example>" at his ISP,
although this ISP has nothing to do with the hoster of
my.site.example, is probably typical.
When this user starts to get spam at fake@my.site.example
and bounces to forged@my.site.example, it should be easy
to explain SPF and MSA. But before he hasn't seen this
for his own domain, he won't be happy if he can't use his
domain anymore at his ISP != hoster. Tough dilemma... :-(
Bye, Frank
-------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com