:: [DNG] à chacun son goût (was: Is it…
Góra strony
Delete this message
Reply to this message
Autor: Rick Moen
Data:  
Dla: dng
Stare tematy: Re: [DNG] Is t worth the effort for SPF?, DMARC>, DKIM?, etc
Temat: [DNG] à chacun son goût (was: Is it worth the effort for SPF, DMARC, DKIM, etc.?)
Quoting Simon Hobson (simon@???):

> Rick Moen <rick@???> wrote:
>
> > My response inevitably is that I really couldn't care less whether
> > they like SPF or not. ...
>
> May I respectfully pick you up on that one.


Well, you can _try_.

> Regardless of the arguments for and against which have been done to
> death for long enough, SPF did predictably break email in many ways -
> some of which I used to use, and some which my clients used to use.


Sounds like a problem local to you. Possibly you wish to originate
port 25 mail on IP addresses you are not prepared to declare in an SPF
RR for reference by SMTP receivers. Like, maybe your users think it's
still 1995 and that they ought to be free to originate outbound port 25
SMTP connections purporting to represent your domain from arbitary,
not-preplanned IP addresses at will. I wouldn't know.

What I know is that all legitimate linuxmafia.com mail originates from
my MTA's static IPv4 address, and my declaring that in an SPF RR as the
sole legitimate origin helps others definitively detect and reject
forgeries. Therefore, I publish such an SPF RR, and am happy with the
results.

You say that for some reason you cannot gain the same benefit? OK, if
you say so. But I don't think that such a local (alleged) inability has
anything to do with me.

> In a small way, by implementing SPF yourself, you've added to the
> support for something that broke existing LEGITIMATE mail activities.


I doubt your premise that SPF 'breaks' anything -- and find it
highly suspicious that you don't support your assertion with anything
even remotely resembling specifics. However, additionally, your
apparent inability or disinclination to publish information in your DNS
saying 'All SMTP mail _not_ originating from IP addresses following this
spec should be considered forgeries' (_which is the sum and substance_)
utterly fails to be a reason why I ought not to, given that I can and
have done so.

> So your approach has a hint of "I don't do that, so I don't care about
> the people who do and now find it broken".


Since nobody else's mail (other than my users') purports to originate
from linuxmafia.com, I completely fail to see how my succesful
deployment of a precise and accurate SPF RR adversely affects anyone
else in the universe, let alone 'takes away their freedom'. You can try
to show otherwise, if you want, but it's going to require some awfully
compelling evidence, and I'm pretty certain you don't have any nor can
acquire any.

I'll be frank, too. Experience suggests that people making this
argument are unwilling to come to terms with the modern reality that
SMTP forgery is a huge problem and that circa-1995 policies of SMTP port
25 origination are a bad idea, and somehow think it's my job to
contend better with reality. That actually just is not my job, and I
have a lot better things to do with my time.

> Hmm, didn't Devuan come into being partly due to someone pushing a
> policy of not caring what he breaks for other people ? Sorry, that was
> a bit below the belt but I hope it illustrates the issue.


I wouldn't calling that hitting below the belt. I'd call it dribbling
on your feet, since we're going for metaphorical imagery.