Jag Servers and Sender ID Checks

[flipdoubt]

How will Jag mail servers fare when and if Sender ID becomes a reality?
http://www.infoworld.com/article/04/...osoftid_1.html

[jason]

I just glossed over the article, but from what I read, it doesn't look like it would be too difficult to implement--just a slight modification to DNS zone files. One thing that I do see as a problem is the ISP's that block SMTP traffic to servers other than their own. If you use one of these ISP's then "require" you to send through servers that would not be mapped to your domain (there are ways around this, discussed at length in other threads, but I'm just throwing out what immeadiatly comes to mind). Perhaps a solution to this would be to add an "Add Sender ID" option (similar to the "Modify MX Record" option) to CPanel. Just brainstorming from half-understood information.

--Jason

[flipdoubt]

Sorry if this sounds ignorant, but what's that bit about ISPs that block SMTP traffic to servers other than there own? Sounds like that would be an industry wide problem, so I assume the "standard" would address it.

Thanks for your answer.

[jason]

Many ISP's, in an effort to block spam coming from their networks, block their clients from seding anything on port 25 (SMTP) to servers other than those that they own. So, if you are using one of those ISP's and you host domain.com here, and you try to send mail from your domain using "mail.domain.com" as your mail server your attempts to send mail will just time out. Instead you'll have to use "mail.isp.com" which will allow you to send mail from you@domain.com just fine. From an end user's perspective, unless they study the message headers, they won't know (or care) what server you used to send the mail.

The Microsoft plan, from my understanding, is that when a message comes in to one of their servers they'll do a DNS query on the sender's domain to see if the server that sent the message is "authorized" to do so. So again, if the message is sent from mail.isp.com, but the From: address is you@domain.com, MS will look at the DNS entry for domain.com to see if mail.isp.com is listed, which it won't be (unless JPC provides some way to add it), so the message will be subject to more scrutiny.

Perhaps, if this plan gains widespread support, ISP's will drop their port 25 blocking policies, but like most things, it will be a slow process to get that kind of support, so the port blocks will probably stay in effect for a while (which will make the system not work as planned and slow the adoption rate). Its going to be a Catch 22, IMHO.

This wouldn't be a bad system because it would cut back on a lot of spoofing, but I think it will take a long time to see the benefits.

--Jason

[Galen]

That article in a nutshell:

Any ISP or anyone else who runs a mail server who does not go along with Microsoft's plan will find their users basically shut out from being able to send mail to anyone with a Hotmail or MSN account.

For example, let's say that this plan goes into effect, but AOL decides not to go along with it. They don't like the idea or whatever. So, AOL doesn't implement the Sender IDs with their DNS.

Fast Forward > > > > >

A few weeks later, Bob has to send a major report to his bosses on the opposite coast. Bob uses his e-mail address bob@aol.com to send to his boss at bossman@hotmail.com Sadly, the MS servers don't find a Sender ID on Bob's e-mail (since AOL didn't conform to the "plan") and Bob's e-mail is considered spam and gets deleted.

Bob loses his job. No one else will hire Bob because he's unreliable (hey, the guy can't even be trusted to send an e-mail on time, right?). Bob's wife leaves him and takes their baby girl with her. Bob takes a header off the Sears Tower a week later.

The moral of the story: Microsoft killed Bob; those murdering b*****ds!

Any questions?

[jason]

Actually, Microsoft did kill Bob. Remember that bomb of an app that came out around the same time as Windows 95?

Actually, the article says that Microsoft won't automatically can a message just because it comes from a server that isn't "authorized" to send from that domain, other criteria will also be tested, too. So as long as Bob's report isn't on Viagara marketing teactics then it will probably still make it to the boss' inbox.

--Jason

[Galen]

Sure hope Bob doesn't work in the Advertising business then, eh?