Dean -
The main issue John is disputing above seems to be whether
junk mail mostly comes from virus infected machines (as I
suspect) or whether it comes from commercial emailers
breaking the law (as I think John thinks). This is
basically a quibble.
Actually, the underlying issue from my perspective was your
reliance on a report which you claim was published by the
Federal Trade Commission containing a set of statistics
which you claim supports your conclusion as to UBE sources.
My problem? I can not find this report to verify your
conclusions and you have not provided a working link to
the Commission report you claim supports your position.
Having said this, as noted previously, this is not directly
relevant to the issue at hand.
Why? It is my understanding the purpose of this discussion
list is to provide constructive comment on the design
proposals presently before the WG.
As to the remainder of your comments, I fully respect your
right to express your views in counter to mine.
Let me explain why I do not propose to go further with the
debate.
The time and place for this debate was when the IETF
decided to form this working group.
To go further would be to wander far from the purpose of
this list given the working group's charter.
Finally, you go on to write:
The authentication and accountability aspects of SPF are
illusory and are not achievable in the SPF proposal as it
stands, nor can DNS be used to achieve these goals. This
subject has been discussed at length on the DNSOP and
DNSEXT lists, and it is generally agreed that DNS cannot be
the basis of authentication.
Dean, this is a most serious charge. However, it is made
without specific proof or example.
At the behest of myself and others, the WG chairs are
soliciting operational and security reviews of the marid
draft proposals (with a focus on the PRA algorithm) from
the graybeards, based on the various specific concerns
raised on this list and during the formal meetings of the
MARID WG.
Also, the WG chairs have arranged for tests to be conducted
of Sender-ID and CSV (not Sender-ID versus CSV) by a large
American ISP with the results to be reported back to this
WG.
In my view, this is the appropriate course for this WG to
take to assess the design benefits of Sender-ID.
I write Sender-ID, because the concepts behind SPF and
Caller-ID have been merged and a new design was brought
forward in mid-July, to be titled Sender-ID.
John
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.734 / Virus Database: 488 - Release Date: 04/08/2004