Comments on: Microsoft pushes spam-filtering technology

Sometime around November, Hotmail will flag e-mail as spam if it doesn't have the software giant's Sender ID tag.

[Michael Grogan]

This is hilarious...

...I have no idea why anyone would use hot mail or any other web mail service as their primary email. I use a local provider for fast, reliable email. I also have a hotmail account that I use as a trash receptacle. I only use it for things that are likely to generate spam and every time I log on to the hotmail account I delete nearly all of the messages because they're ALL SPAM! Why would I trust M$ to control spam?

Simple? Maybe for one domain you MS idiots

>Microsoft argues that publishing SPF records is >simple. It usually does not require new hardware or >software and the most arduous part is doing an >inventory of mail servers and the subsequent >maintenance of the record, Spiezle said.

We maintain 40+ servers with a total of 10,000 domains hosted. It ISN'T simple, it ISN'T easy AND it screws up the forwards our dear customers value so much. I hate it when someone who doesn't know a THING about implementation of this sort of operation on a large scale states it's "simple". Who shall I send the invoice to? Spiezle or Microsoft Inc?

Is it really as difficult as you make it out to be?

It sounds like you have a hosting company. Depending on the setup, the users may be allowed to alter their own DNS, in which case SPF wouldn't even be your problem.

Assuming it is your problem, and nobody has anything too crazy hosted, one simple line in the default DNS template would cover the vast majority's SPF with absolutely no configuration: "v=spf1 mx -all"

That will designate the domain's MX(es) as the only valid sender(s). For most domains, especially hosted ones, the MX is used to send and receive mail, so simply using the MX record will be just fine in most cases. I know that it isn't going to cover every single case, but it will work for many people, especially the ones I'm guessing you're referring to.

Another option is to have all client records include your company's SPF record, then maintain all the servers there. Assuming you have different servers hosting different accounts, you would essentially be setting up an SPF record that stated any of your hosted domains could use any of your hosting mail servers. While it wouldn't technically be 100% correct, it would only be a problem if an account on server1.hostco.com was being spoofed by a mail from server2.hostco.com. If you've got spammers using any of your servers, it's a problem, regardless of whether the spoofed domains belong to your other customers or to external sites.

Yes, bigger clients who are using multiple mail servers, where SMTP servers are separate from the MX, would need more configuration. But I'm pretty sure it's not a case of having to enter 40 server names for each of the 10,000 domains either.

[landlines]

...and then MS implements RSS: a brand new SPAM Superhighway!!!

What good will it do to implement half-thought-out authentication schemes for email when MS is proposing to implement a brand new scheme (RSS) for allowing unauthenticated visitors (or visitors who have been authenticated but are unwelcome right now) to take over all of your bandwidth and all of your machine cycles?

This is like forcing a Sunday newspaper into someone's face while they are trying to drive!!!

Doesn't anybody at MS understand the value of "speak only when spoken to" operation? Wasn't enhanced PRODUCTIVITY supposed to be the primary rationale for the desktop computer? We're already wasting WAY too much time on machine cycles on things which beep, sing, send useless reports to third parties, repeat things which don't need to be repeated, and log things which never should be logged. Do we now have to have each and every machine saddled with something which ties up our machine with communication just for the sake of communication? And talk about potential "buffer overflow" problems...!!!