nanog mailing list archives

Re: mobile user strawman argument


From: Mike Leber <mleber () he net>
Date: Thu, 30 Jun 2005 14:02:55 -0700 (PDT)



On Thu, 30 Jun 2005, Brad Knowles wrote:
> At 2:51 AM -0700 2005-06-29, Mike Leber wrote:
>
> > Ya, ya, ya... you are going to say 1) it's impossible to get people to use
> > designated servers for outgoing email.  Or you will say 2) even if you do
> > this there will still be *spam*! (egads shock horror!)  Ugh please.

> That's not the problem.  The problem is that there are plenty of
> providers who transparently proxy *all* outgoing SMTP requests to
> their servers, e.g., AOL.  If you publish SPF records for your
> business and a customer is roaming and using AOL to access the
> Internet (which is one of the primary reasons why a lot of people
> keep their AOL accounts), they will be unable to send e-mail as their
> userid on your server, because that connection will instead be
> silently routed to the AOL servers.

In practice if your remote users don't use the submit port on your servers
it gives rise to all kinds of different issues involving you trying to
support the outbound filtering AOL is doing on your customers sending from
non-AOL domains.

> Of course, if you're going to do this, you should also be doing
> at least SMTPAUTH and preferably TLSSMTP, but then again many clients
> are broken and don't support these technologies or don't support them
> correctly.

Or you support POP AUTH, which just works, is in widespread use (probably
the most widespread of the methods of authenticating the submit port after
allowing relaying by IP), and was implemented years ago when open relays
were closed.

Mike.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber () he net                                       http://www.he.net |
+-----------------------------------------------------------------------+

