Sorry Arjen, that was supposed to go to the list, not to you directly :( -----Original Message----- From: Arjen de Korte [mailto:suse+security@de-korte.org] Sent: 18 May 2005 10:14 AM To: Barry Gill Subject: RE: [suse-security] Re: cracked system?

The problem is you are trying to find a workaround to a system that is oput in place by people who are trying to protect the legitimacy of their own domains.

I was not the one asking this question. In fact, I enabled SPF checking on my inbound MTA's over a year ago, at the same time when I created SPF records for all the domains I control.

If you were on my company domain where I have SPF set up and tried to send from a home dsl smtp service, not only would I publically flog you for breaching the policies I put in place to protect my network, I would remove all mail rights from you for a period until you are made fully aware of the implications of what you are doing.

All my users use SASL authentication and submit their e-mail trough the submission port (I'm well aware of the implications), so you are preaching to the choir. :-)

SPF does not make your life difficult, but it helps people around the world track down spammers and ultimately prosecute them.

Unfortunately we're not even near this and there are still many technical issues surrounding SPF (forwarding is only one of them). Large scale adoption of very restrictive SPF records is too soon IMHO and looking at the GMX site (which is the large German ISP where the OP had problems with) they could (should) have done a much better job in explaining the implications of their very restrictive policy (they publish -all at the end of their record). Best regards, Arjen