Hi out there
We got two customers (one is another ISP) pretending that they have observed, that Google, Sunrise and other Services have startet flagging their customer's emails as spam, because the sender domain has not SPF record. Not an 'non matching' SPF record, but the sender just dones not use SPF at all.
From my point of view especialy an ISP should be very carefull with SPF. There are hundreds of customers using their email addresses via foreign SMTP Servers. So if you start using SPF als ISP you have to instruct your customers to use SMPT-Auth. Furthermore web based feeback forms and similar would not work anymore if the ip address of that web server is not published as valid sender. And not many mailers who do forward emails are SRS compliant.
So what are your experiences out there? Has someone else observed some ISP having started penalizing emails from sender domains who don't use SPF?
Mit freundlichen Grüssen
Benoit Panizzon
Hello Benoit,
On 14. 03. 11 14:49, Benoit Panizzon wrote:
We got two customers (one is another ISP) pretending that they have observed, that Google, Sunrise and other Services have startet flagging their customer's emails as spam, because the sender domain has not SPF record. Not an 'non matching' SPF record, but the sender just dones not use SPF at all.
Hotmail has been doing it for a long time, so it is no new matter for mail providers.
If your customers can use foreign SMTP servers to send emails, you can instruct your SPF record to include this info, by simply syaing what you advertise as your "normal" outgoing servers is not exclusive (-all vs ?all).
Remote ends can increase their confidence depdending on the source, by decreasing/increasing spam score, bypassing greylists, etc...
If your SPF record is correct, you don't really need to know if it's usefull or not, it is simply harmless and provides additionnal info to remote parties.
As a conclusion, if you care enough for your customers, you _should_ publish accurate SPF records for their (your) domains, whether you use SPF in your filtering techniques or not.
Rene Luria operator@infomaniak.ch wrote:
As a conclusion, if you care enough for your customers, you _should_ publish accurate SPF records for their (your) domains, whether you use SPF in your filtering techniques or not.
But doing so increases the likelihood of SPF being perceived as "widely implemented among reasonable ISPs" and hence being a reasonable thing for base filtering on. Given how broken SPF is by design, that is definitely not a good side effect.
IMO it's more reasonable to use *only* DKIM and encourage others to do the same.
Greetings, Norbert
On Monday 14 March 2011 18:21:02 Norbert Bollow wrote:
IMO it's more reasonable to use only DKIM and encourage others to do the same.
Well, even DKIM is not "the magic solution" either and it does not address the same issues as SPF does - it just breaks for other things. SPF authenticates (well, more or less) the sending network/server, while DKIM authenticates the content - but it can be replayed if you happen to have a valid signature for a mail and it fails for mailinglists like swinog, because adding a footer to the mail breaks the signature...
Greetz, Matthias
-
Benoit Panizzon -
Matthias Blaser -
Norbert Bollow -
Rene Luria