ietf-mxcomp

Re: consensus call on pra/mailfrom deployment and versioning/scope

2004-09-08 17:21:05

I vehemently object to standardizing fragmentation of e-mail via scope, 
especially when one scope is a proprietary one from an entity who in the past has 
used monopoly leverage to "embrace and extend" as a means to convert de facto 
standards into proprietary standards.

We will end up with a fragmented internet e-mail system separated into 
proprietary (pra) and free software (mailfrom).  I will never vote to give 
ammunition to any attempt to fragment the fundamental protocols of the internet 
into proprietary and free software camps.  That is entirely against the spirit 
of what has made the internet successful worldwide.  Do we really need another 
"browser wars" in e-mail?

Instead I support a single DNS record which can be used by either proprietary 
(pra) or free software (mailfrom).

If Microsoft wants to use their leverage to popularize a DNS record which 
they can use in their proprietary software, which can also be used by free 
software, then I would fully support that.  This is quite different from giving 
a vote of approval for Microsoft to use their leverage to "embrace and extend" 
the core internet.  Microsoft can freely use their leverage to create a 
separate DNS scope without the endorsement of the community consensus, but we 
must not encourage that by endorsing fragmentation as a standard.

Also there is no compelling technical advantage to a fragmented scope.  The 
fact is that per-domain anti-forgery will not stop all forms of phishing or 
e-mail forgery, nor will it stop spam.  For example, in pra, the Resent-Sender 
could be not forged, but the From: header could be forged.  In mailfrom, the 
MAIL FROM: envelope could be not forged, but the From: header could be forged.  
These proposals can help anti-spam as an added input data regarding the source 
of an e-mail to feed into probability anti-spam analysis, as well perhaps 
others will explore different UI approaches to presenting the datum.  It will 
require experimentation and new innovations in using this new data, so the 
larger risk is on fragmenting who can use which data.  IMO either proposal 
might be quite effective at stopping phishing in some scenarios.  But in no 
case does this potential success justify fragmenting the core internet in the 
process of trying to achieve some marginal improvement in e-mail source 
authentication.

Additionally there are technical advantages to not polluting the DNS with 
proliferation of "extend and embrace" wars on e-mail.

I completely agree that getting Microsoft and other corporate players on board 
is very helpful, but not at the cost of the other future billions of internet 
users who will probably use free software (third world countries for example, 
such as the UN's recent efforts to increase penetration in Africa using free 
software).

-Shelby Moore
http://AccuSpam.com
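
The following is an added example, not part of the original message: it shows which identity each scope evaluates for one message, and that the From: header a reader sees can fall outside both checks, as the post describes. The header selection order for pra is a simplified assumption (first non-empty of Resent-Sender, Resent-From, Sender, From), and all addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Simplified pra selection order (assumption: first non-empty header wins;
# extra rules for header ordering and malformed messages are omitted).
PRA_ORDER = ("Resent-Sender", "Resent-From", "Sender", "From")

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def pra_identity(msg):
    """Address a pra-scope check would evaluate for this message."""
    for name in PRA_ORDER:
        addr = parseaddr(msg.get(name, ""))[1]
        if addr:
            return addr
    return ""

def checked_domains(envelope_from, raw_message):
    """Map each scope to the domain it checks, plus the displayed From: domain."""
    msg = message_from_string(raw_message)
    return {
        "mailfrom": domain_of(envelope_from),
        "pra": domain_of(pra_identity(msg)),
        "displayed_from": domain_of(parseaddr(msg.get("From", ""))[1]),
    }

def uncovered_scopes(envelope_from, raw_message):
    """Scopes whose checked domain differs from the displayed From: domain."""
    d = checked_domains(envelope_from, raw_message)
    return sorted(s for s in ("mailfrom", "pra") if d[s] != d["displayed_from"])

# Constructed sample: envelope and Resent-Sender belong to one domain,
# while the From: header names a different one.
SAMPLE_ENVELOPE_FROM = "bounce@list.example.net"
SAMPLE_MESSAGE = (
    "Resent-Sender: relay@list.example.net\n"
    "From: Accounts <accounts@bank.example.com>\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(checked_domains(SAMPLE_ENVELOPE_FROM, SAMPLE_MESSAGE))
    print(uncovered_scopes(SAMPLE_ENVELOPE_FROM, SAMPLE_MESSAGE))
```

A receiver that records the output of `uncovered_scopes` alongside the check result has the mismatch available as one more input for the probability analysis the post mentions.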