ietf-mailsig

Re: MARID vs. MASS

2005-01-13 10:41:47

SPF isn't fundamentally evil, but it certainly has been overhyped past the
point of recognition.  SPF is useful to whitelist known fixed-source
senders, but that's all it's good for.  If you send a lot of mail from one
place, as most bulk mail houses do, you'll think SPF is wonderful.  If you
have users doing odd things from odd places as consumer ISPs and
universities do, you'll think it's considerably less swell.

It's true, a bazillion people publish SPF records, but as the guy from
Godaddy noted at the FTC meeting, a whole lot of those records are wrong,
which makes it hard to argue that the sheer bulk of them means anything
other than that they were persuaded that publishing SPF records would be
good for something or other.

SPF, CSV, and message signature schemes all do different things.
Although the current 30 Dec draft of SPF says you can check the HELO, that
bit of it is badly broken since it uses the same set of IPs to check HELO
as to check MAIL FROM and, for example, whereas there are a whole lot of
machines that can send mail from aol.com, no machine should HELO as
aol.com.  SPF makes it possible to distinguish HELO from MAIL FROM by
using macro expanded redirects, but it's tricky and complicated.  I don't
entirely understand how the macro expansion interacts with their zone cut
faux wildcards, and I don't think anyone else does, either. CSV is
designed to give a reliable answer to a simple question: "Is this host
authorized to send mail?"  That's a different question from the ones that
SPF asks.

Signature schemes ask yet a different question.  Whereas SPF asks "could
the message have come from this domain", signature schemes ask "did the
message come from this domain."  That's a different and considerably
stronger assertion.

Signature schemes also can deal differently with roaming users (the domain
can give the user a signing kit if they want) and forwarders (a debatable
fraction of signatures survive various kinds of forwarding.)

These schemes do different things.  They don't compete, except, of course,
for mindshare.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
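As an added illustration of the HELO-versus-MAIL-FROM point made above (example code, not from the post or from any SPF implementation): a toy SPF evaluator that handles only the ip4, ip6 and all mechanisms, run against a constructed record for example.com. Checking the HELO identity and the MAIL FROM identity against the same domain consults the same record, so any IP allowed to send MAIL FROM example.com is equally allowed to HELO as the bare domain example.com.

```python
import ipaddress

# Constructed SPF records for a hypothetical domain (not any real domain's record).
RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
}

# Qualifier prefix -> SPF result name.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip: str, domain: str, records=RECORDS) -> str:
    """Minimal check_host(): ip4/ip6/all only; no include, redirect or macros."""
    record = records.get(domain)
    if record is None:
        return "none"  # no SPF record published for this identity
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if terms[0] != "v=spf1":
        return "permerror"
    for term in terms[1:]:
        qual = "+"  # mechanisms default to the pass qualifier
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qual]
        mech, _, value = term.partition(":")
        if mech in ("ip4", "ip6") and value:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        else:
            return "permerror"  # mechanism not supported by this toy evaluator
    return "neutral"  # record exhausted without a match or an 'all' term


def evaluate_both(ip: str, mail_from_domain: str, helo_domain: str) -> dict:
    """Evaluate the MAIL FROM and HELO identities for one connection."""
    return {
        "mail_from": check_host(ip, mail_from_domain),
        "helo": check_host(ip, helo_domain),
    }


if __name__ == "__main__":
    # A host permitted for MAIL FROM example.com also passes when it HELOs as example.com.
    print(evaluate_both("192.0.2.10", "example.com", "example.com"))
```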

