
Re: recent spam to this list



On Tue, Oct 14, 2003 at 04:40:15PM -0500, Manoj Srivastava wrote:
> On Tue, 14 Oct 2003 10:21:23 -0500, John Hasler <john@dhh.gt.org> said: 
> 
> > I understand all that, which is why I found statements such as those
> > in
> >> [🔎] 20031013091645.GA5606@kos.to> confusing.  The fact is I can add SPF
> > records for any IP numbers I want to domains I control.  Thus if I
> > want to be able to send mail from the library or the university
> > claiming to be from my domain I just need to add the appropriate
> > records to my domain.  The library and university have nothing to
> > say in the matter.
> 
> 
> 	Consider this use case: I travel a lot, and stay in hotels
>  with network connections. Unfortunately, these nightly billed domains
>  have very poor mail gateways; I've been burned before. I now connect
>  directly and deliver mail from the MTA on my laptop.
> 
> 	I do not know, a priori, what the IP address is likely to be,
>  and getting DNS changed for datasync.com would take days, not hours,
>  by which time I would no longer be at the IP.
> 
> 	I do not have co-located servers; and my normal machine may
>  not be accessible from outside to tunnel to. Just like the postcards
>  I mail from the Hotel, the return address on my email points to a
>  valid mbox. 
> 
> 	Would there be any way to implement this use case with
>  everyone using SPF, and telling spamassassin to deep six failures?
> 
> 	manoj

Given that set of constraints? No. However, as I said before, the same
arguments have been used to defend open relays - and they are equally
valid, or invalid, depending on whether you consider the massive abuse
versus the few cases in which it is useful.

Both are, in fact, fairly readily solved by the same basic method (unless
port 25 is blocked outbound, which stops all chances of being able to send
email out directly, as well) - relay to a smarthost that accepts SMTP AUTH.
If your ISP won't do it, and your home box can't do it, perhaps it's time
to consider a business investment in maintaining a mailbox with an ISP who
does allow it - there are plenty to choose from.

In other words: I do not accept the argument that you should be able to
shift costs from you (the person wanting to do what is a fairly uncommon
and non-standard configuration) to me (the person who has to go through a
lot of spam to allow you to do so). In my world, my time is worth more than
your money - and it's my world that decides whether *I* use SPF, domain
verification, block dial-up addresses (which will also shoot you in the
foot), or filter all mail from your known addresses. Or none of the above.

If, and only if, much of the rest of the world makes the same value
judgement, then you might have issues sending email to them - because
they have said, on a policy level, that getting your email (through that
configuration) is *not as important* to them as *not* getting the spam.

So far, that policy seems to be a fairly popular one, if we go by the
fairly directly analogous situation of "who uses Open Relay lists as part
of their filtering" - though *most* of them that I've seen just use it as
an SA rule, rather than rejecting it outright.

A $19.95/mo dialup account hasn't bought you all that much of the Internet
for some years now; this is simply one more door that appears likely to
be closed. If you don't like that, there are perfectly workable ways to
buy the ability to do what you do want, for a very reasonable price, some
of which are unlikely to ever be blocked by any local ISP you may connect
through. TANSTAAFL; the Commons has long since been paved over.
-- 
Joel Baker <fenton@debian.org>                                        ,''`.
Debian GNU NetBSD/i386 porter                                        : :' :
                                                                     `. `'
				                                       `-
