On Friday May 14, roy(_at_)gnomon(_dot_)org(_dot_)uk wrote:
"Neil" == Neil Brown <neil(_at_)brown(_dot_)name> writes:
Neil> Undoubtedly. However, what people "see fit" will likely be
Neil> influenced by what they hear/read. If people hear "MARID
Neil> and SPF can stop spam", they are more likely to use it to
Neil> try to stop spam than if they hear "MARID/SPF gives useful
Neil> weighting to spam detection heuristics".
I think that LMAP will certainly stop spam in the short term, in the
same way that checking the domain of the MAIL FROM resolved was quite
effective for a while. Then spammers adapted, and started using
non-existent localparts at valid domains.
If LMAP is only to be a short term measure, then it isn't worth the
effort.
Short term measures that can work with the current infrastructure (of
which there are several) are fine.
But a short term measure that requires lots of people to make changes
to be really effective is (in my opinion) unlikely to be worth the
effort.
We should focus on, and talk about, the long term gains. If you can
leverage the infrastructure built with the long term in mind, and get
some extra short term gains, that is good. But please keep the focus
where it should be.
Sender address verification (callback verification) is currently quite
an effective measure, though spammers are adapting and becoming more
inclined to send from valid addresses that don't belong to them.
LMAP will have a similar window where it is useful by itself; once
LMAP starts to be widely adopted, spammers will start to adapt and
publish LMAP records, and we'll have to move on to reputation
services.
"move on" ?? -- let's get it right the first time
"reputation services"?? -- no thanks, too centralised.
Still, there's a window when LMAP alone will be useful, and I think
that's what's driving a lot of the early adopters. By the time LMAP
becomes mainstream (and probably by the time this WG produces a spec)
that window will already be starting to close, with significant
numbers of spammers publishing LMAP records...
Which is extra reason to keep the short term gains out of the
discussion.
NeilBrown