ietf-mxcomp

Re: A new SMTP "3821" [Re: FTC stuff...........]

2004-12-02 13:53:33

On Thu, 2 Dec 2004, David Woodhouse wrote:


On Fri, 2004-11-26 at 09:16 +0000, Chris Haynes wrote:
Let me focus on the heart of the debate, and I'm doing my best to be fair to
both sides here, and to use neutral language.

I think this is very useful; thanks. But I think you've slightly
misrepresented the 'conservative' position.

Still in the spirit of 'neutral language', let me use the terms 'conservative'
and 'progressive' for the two positions I am aware of.

The conservatives look at the above example and say
"SPF is breaking the mail system. Forwarding has worked perfectly well in the
past; it is SPF which is changing; it is SPF which is wrong.  SPF should not be
deployed".

That's not quite how I'd phrase it. I'd say it was more like this:

"SPF is breaking the mail system for no good reason. Forwarding has
worked perfectly well in the past; it is SPF which is changing; it is
SPF which is wrong. SPF should not be deployed because there are better
ways of achieving the same thing, without the need for such changes."

I think there was more to it than this:

        1) Abuser can forge addresses at domain
        2) Abuser can use stolen credential
        3) DNS cache problems (more records per domain, same cache size)
        4) DNS load (more records per domain)
        5) Ongoing Maintenance issues
        6) Migration issues
        7) IP Renumbering issues
        8) Lost non-spam emails
        9) Lack of universal compliance.*
        10) Not a basis for trust/reduced filtering
        11) Makes forgery blowback problem _much_ worse
        12) Patent issues
        13) spam-profiteering / charges for SPF services

I think I left some things off that list.  I'd say that "After more than a
year of intense technical analysis by 2 IETF working groups, in the end,
SPF didn't achieve any of the stated goals, and made some problems such as
'blowback' much worse."  Perhaps this is aptly summarized as "SPF is
breaking the mail system for no good reason." I guess I'd take that as an
executive summary.

Also, I've been following the source routing discussion, and would note
that there were good reasons to have source routing (interaction between
incompatible networks), and good reasons not to have source routing and
use direct connection instead.  These haven't changed.  Source routing 
really implies the attempt to partition the internet into a spam/abuse 
part and a non-spam part. Such a partition is unrealistic.

I found it mildly ironic that the same people who said open relays were
bad and that source routing _MUST_ be disabled, are now advocating source
routing as a necessary solution.  Anticipating that they next require SMTP
AUTH as mandatory, that will also not reduce spam, because EVERY spammer
is authorized via SMTP AUTH, either by a stolen credential or by a
disposable account.  So the situation is still unchanged.  To use a
farm-colloquialism: "You can't dam a river with a wire fence."  Painting
the fence a different color won't help. Nor will changing from wood
fenceposts to steel fenceposts.  A fence just won't work, and a solid wall
is impossible (wrt spam), and wouldn't work either, because unlike water,
a spammer can choose to cross the solid wall.

                --Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000