SPF

[Alex Neuman]

One ISP here in my country required all of its more than 10,000 users to
enable AUTH. They did it over the course of one month. You can safely reject
any e-mail with "from:@theirdomain" if it's not authenticated.

It's just a matter of how good you are at educating users about something
that's a necessity, not a luxury.

I'm in the process of switching over all my clients' users to using POP3S +
SMTPS + AUTH + SPF + MS/SA/DCC/Razor2/Pyzor. Most are happy with the
additional level of security.

The only thing I've had to implement where too much traffic/high load was
concerned was RBL's at the MTA layer + clamav-milter.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Mark Nienberg
Sent: Tuesday, August 17, 2004 12:05 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: SPF

On 17 Aug 2004 at 9:43, Peter Peters wrote:

> Helps me to don't use SPF. What is a "sufficient majority" of my users.
> People will argue that 90% of our students is a sufficient majority. For
> staff people argue that 95% is sufficient. But I have to be sure that
> within those 95% all master teachers are included. When I happen to
> "discredit" one of those by claiming the IP address from which he sends
> e-mail isn't allowed to send e-mail containing our domain I will be in
> trouble.
>
> I have had such a problem after blocking dynamic addresses in Brazil.
> Everything was perfect untill one person happened to be there for a
> while and needed to just send e-mail. And because his IP addresses where
> dynamic I had to unblock the whole range.

According to the SPF proponents the solution to this problem is to configure
your
roaming users to send e-mail through your own servers using SMTP AUTH with
STARTTLS.  The only problem, if you have lots of roaming users, is to
educate them
that this is necessary.  It's easy enough for me to say, because I only have
25 users!
--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).