At 16:21 19/10/2004, James Riden wrote:
Chris Hodgetts
writes: SPF = Sender Policy Framework..
It's a new sort of spam filter, that is better than the Microsoft offering.
SPF is merely designed to tell you whether an email has come from an authorised server for that domain. If an SPF check fails, it's probably spam. (Or a roaming user and someone hasn't got their config right.)
Just to be clear here - roaming users are not compatible with SPF *unless* the ISP's mailserver supports an authentication scheme like SMTP AUTH, and the users use it. This is probably the single biggest stumbling block for widespread adoption of SPF. If you advertise SPF records but don't provide SMTP AUTH, you effectively lock out your roaming users, or those that obtain services from multiple ISP's. (Jetstream with one ISP, webhosting + email with another for instance) The ideal situation would be that all ISP's that support roaming POP3 access (eg: everyone except Xtra and Clear(?) ) also support SMTP AUTH and therefore roaming SMTP, and also (eventually) publish SPF records. An ISP shouldn't even consider adding SPF records until they support SMTP AUTH. We (iGRIN) have had SMTP AUTH for a long time now, but don't currently have any SPF records. How many other ISP's support SMTP AUTH ? Last time I did a quick check about 6 months ago, (looking at the response to the EHLO command) less than a quarter of the NZ ISP's I tried reported SMTP AUTH being available. (Orcon and IHUG spring to mind as two who did support SMTP AUTH at the time) Widespread support for SMTP AUTH would be a good first step in the right direction towards schemes such as SPF... Regards, Simon