|| ||Matti Aarnio <matti.aarnio-AT-zmailer.org>|
|| ||VGER does gradual SPF activation (FAQ matter)|
|| ||Sun, 11 Jun 2006 01:27:34 +0300|
Now that there is even an RFC published about SPF...
What is SPF ?
It is one way to to ensure that at SMTP transport level the claimed
message source domain is valid, and message is coming from place
where origination domain's administrator has declared that are valid
source servers for emails claiming to be of that domain.
It does NOT verify that SMTP origination local part is true.
It does NOT verify message visible headers.
Several people have written MTA configurations that test arriving email
visible "From:" (and sometimes "Sent:") header against SPF data and
actually violate SPF specification doing that!
(We have routinely kicked subscribers with that bug from lists..)
What it gives ?
It gives us a way to tell the world, that emails claiming to be
coming from VGER should be accepted only when they really are
coming from vger. (Complications like recipients incoming MX
relays are not _our_ problem..)
We might get slight reduction of back falling junk at vger with
that - reduction increases when people begin to deploy the SPF
verification more and more widely into their receiving email servers.
(And do it correctly...)
Will VGER begin to verify SPF in incoming email ?
Yes, sometime this summer.
What will break ?
You really should go and read SPF documents and guides and FAQs at:
Very little will break, but one should really consider converting
their email sending methodology to one, which uses fewest possible
number of servers, publish that data in DNS, and always send all
emails thru those servers.
In longer run the amount of irresponsible (incurable) network security
holes (known as Windows) shows no sign of becoming extinct at adsl -lines,
so there will be increased pressure to demand sender identification
(and verification) during email sending - viruses can't do that yet...
And when they learn, user with infection can be trivially identified
and contacted/blocked. At the same time I do find it most likely that
ADSL-lines (and modems) will no longer be allowed to send _anywhere_
over plain SMTP.
In order to be able to send email, a "SUBMISSION" protocol does exist,
and is relatively easy to get working with for example the Thunderbird.
Better would be having a button "use submission service" in its account
setup.. (And similar in Outlook/O.Express...)
/Matti Aarnio -- one of postmaster at vger.kernel.org
to post comments)