SPF and the end of personal mail servers
Many people are running Linux or BSD with the bundled SMTP server - and
some of them use the same setup I have - running the mail server on
their computer to forward their mail. This is especially nice
if you have multiple email addresses and/or if you use a laptop - you
may be offline or in different networks, and the SMTP server can easily
take care of delivery and queuing. It is a sort of "send only" mail
server, combined with fetchmail or similar solutions to get the mail
from multiple accounts.
This seems to be coming to an end if SPF gets widely deployed in its
current form. The only mail servers
that will remain are those with a DNS entry and static addresses - if
you don't have a domain or if you have DHCP or laptops, most likely
this will no longer work if you send mail to any SPF server.
I believe this is the biggest problem with SPF - forwarding can be
hacked, but cutting out the small users is a very bad thing. Maybe in
the US everyone can afford a DNS server and static IP addresses.
So the only solution would be to replace the personal SMTP server with
something else, that will use different "smart" relays based on the
source address and conditions. None of the major servers supports that
AFAIK - the "smart" relay will likely require user authentication, and
you will probably have to use multiple smart relays. The good news is
that this could be extended to support other forms of transports - like
the weblog posting. My current solution is to send a mail to myself and
then use procmail to transform it to a SOAP request - but it would make
more sense to use a local SMTP server that can support multiple
protocols and servers based on different parameters.
Unfortunately - it's not only SPF.
Domain signatures may have exactly the same effect if implemented
in the same exclusive way as SPF. I remain convinced that
SPF, domain signatures, personal header signatures, PGP and S/MIME are all
extremely valuable tools - it's just the bad exclusive use that makes
them dangerous. Just like SPAM and viruses have many forms and tactics,
mechanisms to add trust to the outgoing mail should support multiple
mechanisms and work with each other.
Posted by costin at May 11, 2004 08:59 PM