On Fri, 9 Jul 2004, Dave Crocker wrote:
We do not have statistics about the extent of use of forwarding
scenarios, although we do know that it is used quite a lot, by many
people and in a variety of ways.
We have about 32,000 accounts on the University of Cambridge's central
message store, and about 7400 (23%) of them have some kind of Sieve
redirect set up. 4700 of them are to non-Cambridge addresses, i.e.
FIFTEEN PERCENT of our users will have trouble with the deployment of
designated sender schemes such as SPF and SenderID.
Note that this is a view of outgoing email; it's much harder to tell what
proportion of our users have forwarding aliases that direct email here. If
the outgoing figure is any kind of indicator it would be irresponsible of
me to enable SPF checks on incoming email. I'll be disabling that part of
SpamAssassin 3.0 when I deploy it.
On Thu, 8 Jul 2004, Meng Weng Wong wrote:
We should also keep in mind the positive scenario for SenderID:
I think this is a bad idea, because it is the negative scenario that is
the problem. Neglecting that means you are not clearly defining the cases
in which your protocol can be reliably used to identify junk email.
we're moving toward a paradigm of "assumed guilty until
proven innocent" (AGUPI).
I note that no satisfactory fixes have been suggested for the forwarding
problem. Some, such as SRS and the PRA algorithm require modification of
the email software at any site which implements forwarding, and in the
case of Cambridge it will require a complete re-engineering of our virtual
domain system with a significant increase in complexity and decrease in
performance.
Others, such as trusted-forwarder.org, drive a coach and horses through
the security model and completely negate AGUPI. If SenderID is ratified
and people start using it, I would expect a very large proportion of the
academic world to sign up to trusted-forwarder.org which would in turn
make them a really choice target for hacker-phishers.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
ST DAVIDS HEAD TO COLWYN BAY, INCLUDING ST GEORGES CHANNEL: NORTHWEST 4 OR 5,
OCCASIONALLY 6 BECOMES WEST TO NORTHWEST 3. RAIN OR SHOWERS BECOMES MAINLY
FAIR LATER. MODERATE OR GOOD. OCCASIONALLY ROUGH AT FIRST, OTHERWISE MODERATE
DECAYING LOCALLY SLIGHT.