SPF and MailScanner

Jan-Peter Koopmann Jan-Peter.Koopmann at SECEIDOS.DE
Tue Feb 3 12:05:05 GMT 2004


> I have yet to see a solution to the problem that actually 
> will work in real life. SPF requires me to keep track of all 
> the IP addresses of every outgoing-mail-server used by 
> BTInternet, for example.They change their setup (for 
> maintenance or whatever) and all of a sudden all my mail is 
> rejected. Yeah, great idea :-(

Not necessarily true. First of all this is voluntarily. If you decide
not to give your domain SPF records nothing will change. If you do you
could use things like ptr, mx or include directive:

Mx: Allow mail being sent from all hosts that also accept mail for this
domain
Ptr: Allow mail for this host from all IPs that resolve to your domain.
Include: If BTInternet support SPF simply include btinternet and you do
not need to worry.

I fail to see why BTInternet is a problem for you? Are you behind a
dial-up like connection and run your own mailserver? That might be a
problem I agree. Companies tend to run their MTAs behind a static IP
though and have their remote users use SMTP AUTH to make sure, outgoing
mail is proberly scanned etc. 

Personally I think SPF is a good concept. Not perfect, but good!

Regards,
  JP




More information about the MailScanner mailing list