[LINK] Now that's secure - I guess

Karl Schaffarczyk karl.schaffarczyk at gmail.com
Tue Apr 3 10:12:30 AEST 2012 

Scott,
I think that under certain circumstances SPF hard failing for customer
domains should fail.

In fact, I'd prefer it did.

The ISP should be providing an auth-SMTP relay for customer use, available
on both ports 25 and a high port such as 2525 to allow access around
provider blocks on the use of port 25.
Better still, SMTP over SSL should really be mandatory.

The ISP should also supply webmail, and permit alternatives such as Gmail
sending via their SMTP server too.

I understand the extent of tech-support pain a system like this would be to
implement, but could you imagine how much less spam would be sent if this
could be implemented worldwide?
It would also provide a high level of convenience for the modern road
warrior. Laptops, iPads etc wouldn't need to be reconfigured every time a
person switched disparate providers - hotspots, cellular broadband,
institutional networks etc.


So if Pacific/Hunterlink is providing auth-SMTP with at least one port 25
alternative, then I support their decision to do so, and cannot call it
"broken"

Karl



> On Fri, Mar 30, 2012 at 10:06 PM, Noel Butler <noel.butler at ausics.net
> >wrote:
>
> > If you do not like the restrictions (hey it *IS* their domain name you
> > are using afterall), and given as you claim to have your own domains,
> > why not use one of them, and configure SPF correctly, or since you
> > disprove, perhaps with softfail or not at all, forwarding? well to your
> > own domain one would hope one is clever enough to whitelist their own
> > addresses - It's so simple even a child could understand it.
> >
>
>
> Sorry, but you're missing the point.
>
> No sane ISP in the world should be configuring SPF hard fail for a customer
> domain. It simply breaks far, far too much legitimate email.
>
> Whether David has an alternative address he can use as a workaround or not
> isn't relevant - Pacific Internet has screwed up here.  They seem to be
> doing this for all of the customer domains, not just Hunterlink.
>
> Despite it's flaws, SPF does have some valid use cases - even for hard
> fail.  ISP customer domains with a hard fail (ie, -all) isn't one of them.
>
>  Scott.
>
>

More information about the Link mailing list