ietf-mxcomp

Re: Unified SPF: block versus factored records for HELO and MTAMark scopes

2004-06-24 07:50:06

On Thu, Jun 24, 2004 at 09:07:42AM -0400, John Leslie wrote:
| 
| 
|    Thus, I believe we need a truly "lightweight" mechanism to separate
| whether we're dealing with an unauthorized zombie computer. SPF is
| simply _not_ lightweight enough.

The question of the relative weight of block vs factored
records has been addressed in the past.

  http://www.imc.org/ietf-mxcomp/mail-archive/msg02115.html

In my discussions with Microsoft and AOL, I have gathered
the impression that large mail receivers favour block
records because they are more easily cached and more easily
transformed into a representation native to their internal
antispam engines.  Factored records which require a new
lookup for every cache negative are, in their world, not
lightweight by comparison.

I should have shared this input sooner as a justification
for block records.

|    If we reach a situation where turning on the SPF feature brings
| each MTA to its knees, the feature _will_ be turned off quickly. And
| the management of that MTA won't be inclined to turn it on again. And
| the word will get out.

This is an important caveat, and one which we should all
do our best to avoid.  The folks at sendmail.net are
researching this very point as part of their testing and
analysis; I expect our speculation about the relative burden
of each approach will soon be informed by better data.

| HELO and RFC2822. Inevitably, that will lead to a large number of
| domains advertising relatively open SPF records, and those relatively
| open records being used to "authenticate" HELOs of MTAs which the actual
| domain never had the slightest intent of trying to control. And, since
| all of this is publicly available in DNS, spammers will quickly compile
| a list of these.
| 
|    But it gets worse: Meng actually advises bypassing further checks
| if the HELO passes SPF checking and the domain passes reputation checks.
| (Think about it, Meng: I'm sure you'll relent.)

In the next revision of the website I will try to be very
clear about the ways in which receivers might put SPF
records to use, and how senders can accommodate the
different scenarios.

| 
|    Think it through, Meng: ease of advertising should never be sought
| at the expense of _accuracy_ of advertising.
| 

Yes, this is very true and important.

I will also write up some text to explain in detail exactly
what the deal is, and what people are buying when they buy
in to the system.
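The lookup-cost difference between block and factored records that the thread argues about, shown as an added example that is not code from this message or from the SPF project: a tiny evaluator for the `ip4:` and `include:` mechanisms over constructed zone data (the domain names, record contents and the counting resolver are assumptions, and the addresses are RFC 5737 documentation ranges). A block record answers in one query; the equivalent factored record needs one query per `include:` level, each of which is a fresh lookup on a cache miss.

```python
"""Count DNS queries for a block SPF record versus a factored one (added example)."""
import ipaddress

# Constructed zone data, not real DNS. The block record carries every address
# inline; the factored record delegates through nested include: mechanisms.
ZONE = {
    "block.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all",
    "factored.example": "v=spf1 include:_spf.factored.example -all",
    "_spf.factored.example": "v=spf1 include:_a.factored.example include:_b.factored.example -all",
    "_a.factored.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "_b.factored.example": "v=spf1 ip4:198.51.100.0/24 -all",
}


class CountingResolver:
    """Hypothetical resolver: serves TXT data from ZONE and counts each query."""

    def __init__(self, zone):
        self.zone = zone
        self.lookups = 0

    def txt(self, name):
        self.lookups += 1  # every call models one query a receiver must send
        return self.zone.get(name)


def check_host(resolver, domain, ip, depth=0):
    """Evaluate only ip4:, include: and all, with +/-/~/? qualifiers.
    Real SPF has more mechanisms and a 10-lookup limit; this models just the
    lookup pattern discussed in the thread."""
    if depth > 10:
        return "permerror"
    record = resolver.txt(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include: matches only when the included domain yields pass
            matched = check_host(resolver, term[8:], ip, depth + 1) == "pass"
        else:
            matched = term == "all"
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"


def lookups_needed(domain, ip):
    """Return (spf_result, number_of_dns_queries) for one evaluation."""
    resolver = CountingResolver(ZONE)
    return check_host(resolver, domain, ip), resolver.lookups
```

With a receiver-side cache, the block record costs one query per cache miss, whereas the factored record costs a query for the top-level record plus one for every `include:` that is not already cached, which is the "new lookup for every cache negative" cost the message describes.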