ietf-mxcomp
[Top] [All Lists]

Re: Adoption of MARID, SPF and alternatives and thoughts on cost (was: on per-user macros; and the IETF's role in a deployment) campaign

2004-05-12 19:48:28

On 5/12/2004 2:09 PM, Roy Badami sent forth electrons to convey:

"wayne" == wayne  <wayne(_at_)midwestcs(_dot_)com> writes:
   >> of deployment otherwise.

   wayne> With many major ISPs publishing records and very rapid
   wayne> increase in the amount of email being check with SPF, I
   wayne> think the prospects for substantive levels of deployment of
   wayne> SPF is very good.

And when SpamAssassin 3.0 is released in a couple of months, the
number of people performing SPF checks will increase markedly, I would
guess.

For someone who is interested in publishing LMAP records, there is
little incentive to publish just one type of record: they may as well
publish all types of record that both have a significant number of
sites checking them and allow them to describe their desired policy.

That's not true. Publishing a record that lists the IPs that may use a domain in HELO is much, much easier in most cases than publishing a record that lists the IPs that may use that domain in 2822.From. See the CSV+++ discussion thread I started, and/or the 40% solution thread.


For someone who is interested in checking LMAP records, there is
little incentive to check just one type of record: they may as well
check every type of record that is published by a significant number
of sites. I predict that there will be a number of integrated tools
that will check many types of LMAP records... I'm strongly suspect
that SpamAssassin will add checks for other LMAP records as and when
they start being deployed, for example--(2)

So will MARID become yet another record we all end up publishing and
checking, or will it supplant the other record types?  If it becomes
yet another record, will it gain us anything?
Yes, I thik so - e.g. potentially much more rapid adoption of records containing -all, or the equivalent, leaving SPF in the dust.
Again see the CSV+++ discussion thread I started.

I'm really not trying to promote SPF here; the only reason I publish
and check SPF records rather than some other kind of LAMP record for
my personal domain is because the spec and the tools are there, and it
has a userbase.  (I'm happy to be a follower here.  It's only useful
to me to publish records if people will check them, and it's only
useful to me to check records if there are people publishing them.)

In fact, I'm far from convinced that LMAP will have a significant long
term impact on the spam problem, though I certainly think it could
make a significant dent in the problem in the short to medium term
(before spammers start publishing LMAP records).  But, like most
people these days, I'm prepared to try pretty much anything to tackle
spam, as long as it seems (to me) to be deployable and has acceptable
(to me) cost.
You are one of the small minority of SPF adopters who's been able to publish a -all.
(Anyone have stats?)