mobile user strawman argument
Brad Knowles
brad at stop.mail-abuse.org
Thu Jun 30 16:43:38 UTC 2005
At 2:51 AM -0700 2005-06-29, Mike Leber wrote:
> Ya, ya, ya... you are going to say 1) its impossible to get people to use
> designated servers for outgoing email. Or you will say 2) even if you do
> this there will still be *spam*! (egads shock horrror!) Ugh please.
That's not the problem. The problem is that there are plenty of
providers who transparently proxy *all* outgoing SMTP requests to
their servers, e.g., AOL. If you publish SPF records for your
business and a customer is roaming and using AOL to access the
Internet (which is one of the primary reasons why a lot of people
keep their AOL accounts), they will be unable to send e-mail as their
userid on your server, because that connection will instead be
silently routed to the AOL servers.
Yes, you can bypass this by using alternative ports, but not all
MUAs support alternative ports, or support them correctly.
Of course, if you're going to do this, you should also be doing
at least SMTPAUTH and preferably TLSSMTP, but then again many clients
are broken and don't support these technologies or don't support them
correctly.
There are alternative solutions to the mobile user problem --
webmail services, VPNs, and shell e-mail. But none of them are a
panacea, and if you want to talk about a private customer as opposed
to a business person who is on an official trip, these options are
much less practical if it is their home ISP who has done this to them.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the NANOG
mailing list