Hello,

Wondering .. Its about 20 days until SPF records will be required in DNS .. Thats what everyone is saying ..

Several Questions ..

1. Does PSOFT plan on modding DNS manager to allow people to add the records ..

2. Is the final 8.4.5.1 Bind just gonna do these ???

3. Or its like reverse pointers now .. add them in manually ?? and wait for PSOFT's SPF implementation which is some time early 2005 .. Last time Igor talked about it ..

Lady Linux :confused:

20 days until SPF records will be "required"? What are you talking about? Required by whome?

Igor,

Quote

"Thousands of email providers and companies including Hotmail, AOL, and Google have begun publishing SPF records and have built SPF support in their spam filters. Microsoft has announced that they will begin filtering email that does not support SPF starting Oct 1st, 2004 and is urging ISP’s to begin publishing SPF records."

Thats all over the internet .. Do a google search ..

Lady Linux

Try dnsreport.com .. put in your domain .. and look at the SPF warning

Well, what I can find:
" The company is strongly urging e-mail providers and Internet service providers to publish, by mid-September, Sender Policy Framework records that identify their e-mail servers in the domain name system. Microsoft will begin matching the source of inbound e-mail to the Internet Protocol addresses of e-mail servers listed in that sending domain’s SPF record by October 1.
Messages that fail the check will not be rejected but will be further scrutinized and filtered, says Craig Spiezle, director of Microsoft’s Safety Technology and Strategy Group."
which for me means that if you publish SPF, and it doesn't match your mail server - it will be filtered out. So:
#1 Microsoft will not block thouse that don't have SPF records, yet, it will definatly start filtering out thouse that has one - which doesn't match the dns record.

Igor,

Let me carefully explain myself .. I see this as a mess .. I do not see any easy answer .. So this is not a critical comment about PSOFT at all .. just a exchange of ideas .. about this mess on the horizon ..

Article Link (http://www.infoworld.com/article/04/07/22/HNmicrosoftid_1.html)

So .. Please anyone .. Im not saying PSOFT is negligent here .. Just wondering if something does have to be done ..

What ??

Thanks,

Lady Linux :)

Microsoft will not block thouse that don't have SPF records, yet, it will definatly start filtering out thouse that has one - which doesn't match the dns record.

Im not too worried about MS .. its idiots at AOL Etc that I worry about ..

But thats a good point Igor ..

Lady Linux

I too was under the impression that PSoft would have something implimented by Oct. 1st, 2004. Why, I do not know but that was my impression.

Igor, to put us at ease, where is PSoft in the process of implimenting SPF and are you going to be able to hit Oct 1st? If not what is your anticipated time frame?

--Tracy

On Sep 10th the Microsoft "Sender ID" was scheduled to get the OK from the MARID-Workinggroup from the Internet Engineering Task Force (IETF, http://www.ietf.org/html.charters/marid-charter.html) but they rejected the current proposal by Microsoft.
So I don't know if they now implement SPF?

Microsoft will impliment Sender-ID in whatever form they wish, which has SPF included (this could always change). That doesn't mean they are not going to impliment Sender-ID .

Igor,

So are we to take it that you say there will be no problem Oct 1st and beyond ??? Or there just is not easy answer ...

It seems to me .. Reading some hotmail posts that filtering devices are already causing issues .. Now .. Bear with me here

On the 1st of Oct .. What am I to say if a provider like MS asks me "Do you have SPF records" ..

Somehow I can feel the blame game already starting .. And customers and providers losing .. Without a clear answer ..

Does anyone here think this could happen .. Or not ??

Lady Linux :(

I am sure that there will be no problem on Oct 1st and beyond. Until critical mass is reached, no provider (including) MS will be able to require it. Honestly speaking - I expect more issues for people who publish SPF on Oct 1st - as THEY are the one who will be filtered based on SPF - and trust me - many of them haven't implemented SRS - or havne't even thought about the fact that they need to do it, or how it will affect double forwards.

I expect more issues for people who publish SPF on Oct 1st

Other than the first level support idiots .. Trying to play Tech Support ..

I just see all this filtering issue crap with Hotmail for example .. and I know for a fact that Mid May AOL went bonkers and started rejecting everyones mail randomly ..

Ok .. well yes .. The SRS arguement is a good one .. and yes add in the forwards .. and customers will understand when they get the support idiots at there AOL etc mail spouting off about SPF ..

Good Info Igor Thank You,

Lady Linux

so any news on spf implementation?

Hello,

To bring this thread for for possible issues tomorrow .. I say slight ..

Make sure you are running a version of Mail from PSOFT that has SPF submission enabled .. Port 587 TCP ..

Make sure your firewalls are updated for such ..

Be ready to tell your customers to use this port in Outlook et all for SMTP ..

What else happens as we go along .. Well PSOFT has provided a compliant version of Qmail .. As best as the cloudy standards implementation would allow ..


Regards,

Lady Linux

PS: When are we going to see txt type as a DNS field PSOFT ?? .. Would be nice and I think easy to add ..

Greetings Francesca:


Make sure you are running a version of Mail from PSOFT that has SPF submission enabled .. Port 587 TCP ..

Make sure your firewalls are updated for such ..

Be ready to tell your customers to use this port in Outlook et all for SMTP ..



Why will customers have to use port 587 for SPF rather than port 25?

Thank you.

Peter,

That is a directive based on line item two

Under

I'm an ISP. What should I keep in mind?

http://spf.pobox.com/faq.html#forisps

Its a always for sure will be working port ..

Francesca

but if port 587 is going to be a common port just like 25, won't the spammers and worms catch up and start using it? Then the ISPs will start blocking it again the same way as they've blocked port 25..

Jim,

Did you even read the idea ???

If all this was is shift to port 587 .. and yah .. turn off port 25 .. Why are larger ISP's than any of us could ever hope to ever be embracing this ..

Its switch to port 587 for everyone who was affected BY what .. the creaky old smtp free love mailer .. and every ISP from here to whatever blocking that because SMTP was such a open take on anything protocol ..

Its switch to Smtp Auth .. Its use a caller id .. Its in a nutshell a good start ..

Its the end of anonymous smtp .. Adios ..

Francesca

oops forgot that it's authenticated :D It's been a long time since I read it :)

Greetings Francesca:


Peter,

That is a directive based on line item two

Under I'm an ISP. What should I keep in mind?

http://spf.pobox.com/faq.html#forisps

Its a always for sure will be working port ..

Francesca


Thank you; it looks like both 25 and 587 will work. Though just like today, alternate ports are needed, and 587 will be a more standardized alternate port.

Thank you.

Greetings:

RE: http://spf.pobox.com/faq.html#forisps

"You can tell who these users are by adding an "exists:%{l}.%{i}._spf.ISP.COM" record, and grepping in your DNS server logs to see who's mailing through what machines. Then you can contact all nonconformant users and tell them to use your SMTP server."

It could be me being dense, but what would the DNS record above look like in bind/DNS format?

Also, is it recommended to use "-all, ?all, or ~all" as part of the record? I get the impression "?all" to start. Correct?

Thank you.

Peter,

That verbage they have there is rather confusing .. I am playing wait and see what the final implementation comes out with .. Because SPF is a evolving project .. In scope and implementation .

Francesca