On Thu, 30 Jun 2005, Brad Knowles wrote:
At 2:51 AM -0700 2005-06-29, Mike Leber wrote:
Ya, ya, ya... you are going to say 1) its impossible to get people to use designated servers for outgoing email. Or you will say 2) even if you do this there will still be *spam*! (egads shock horrror!) Ugh please.
That's not the problem. The problem is that there are plenty of providers who transparently proxy *all* outgoing SMTP requests to their servers, e.g., AOL. If you publish SPF records for your business and a customer is roaming and using AOL to access the Internet (which is one of the primary reasons why a lot of people keep their AOL accounts), they will be unable to send e-mail as their userid on your server, because that connection will instead be silently routed to the AOL servers.
In practice if your remote users don't use the submit port on your servers it gives rise to all kinds of different issues involving you trying to support the outbound filtering AOL is doing on your customers sending from non AOL domains.
Of course, if you're going to do this, you should also be doing at least SMTPAUTH and preferably TLSSMTP, but then again many clients are broken and don't support these technologies or don't support them correctly.
Or you support POP AUTH, which just works, is in widespread use (probably the most widespread of the methods of authenticating the submit port after allowing relaying by IP), and was implemented years ago when open relays were closed. Mike. +----------------- H U R R I C A N E - E L E C T R I C -----------------+ | Mike Leber Direct Internet Connections Voice 510 580 4100 | | Hurricane Electric Web Hosting Colocation Fax 510 580 4151 | | mleber@he.net http://www.he.net | +-----------------------------------------------------------------------+