ietf-mxcomp

RE: So here it is one year later...

2005-01-27 20:19:40

On Thu, 27 Jan 2005 terry(_at_)ashtonwoodshomes(_dot_)com wrote:

-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Dean Anderson
Sent: Thursday, January 27, 2005 8:48 PM
To: Gordon Fecyk
Cc: IETF MXCOMP (E-mail)
Subject: Re: So here it is one year later...



On Thu, 27 Jan 2005, Gordon Fecyk wrote:


...since the first rumblings of talking about a working group, and there's
been no press on MARID since the breakup of said working group.  No press
from Microsoft, no press from the SPF crowd, no press from anyone.

The working group broke up because of unresolvable technical problems.

Get specific, Dean: the unresolvable technical issue was that the PRA is
broken, NOT SPF.  So it is SenderID's PRA component, not its SPF
component, that caused the technical failure.

That was _a_ problem. It wasn't the only problem.

And the senderid venture was doomed to failure anyway because of the M$ IPR crap.

I agree the IPR crap was a bad thing. (I am the president of the LPF,
after all).  However, I don't think it doomed standardization to failure.
The IETF has standardized RFCs with patented algorithms before.  People
made an informed choice, and decided that anti-spam technology is
something that needs to be pervasive, free, and unencumbered.  This has to
be a major concern for the privateers interested in "making a fortune in
anti-spam".

And no instructions included on how to compile, install, or use what little
software is available out there.  Except for the few commercial (and
expensive) offerings by GFi.

If you aren't a developer of SPF, probably you shouldn't be using SPF.

Wrong again.  And the proof is that there are many domains that implement 
SPF, successfully.

Most of them are spammers.

What gives?  Has the whole world lost complete interest in stopping spam?  Is
spyware really the next big threat to the Internet that the US Congress is
looking at legislation for it but not bothering with spam anymore?

No, the world has just realized that SPF doesn't work, and won't stop
spam, nor stop forgery.

SPF never pretended to stop spam. 

That isn't what Meng Weng said in Linux World. He said it would end spam.  
There are many other similar articles.  Indeed, Microsoft also announced
it would "end spam".

 It does prevent forgery,

Demonstrably, it does not. Excluding DNS spoofing, which is also trivial,
one only needs an account at the same ISP as the forgery target.  Many
ISPs will not use SPF because of the DOS vulnerabilities, and unless
everyone uses SPF, it will not stop forgery, even given an assumption that
every domain has a unique IP (which isn't a realistic assumption).

 it does not prevent phishing, but then no technical solution will ever
solve phishing as long as MUAs like Outlook show "pretty names" for
everything, suppressing the true underlying identities of everything from
email addresses to attachment types.

I didn't hear anyone say it would prevent phishing.  Phishing is only 
tangentially related to forgery, anyway. Even if you could stop forgery, 
it would not alter phishing.

In its present form, SPF does nothing except create more opportunities
for email abuse, and promotes spam and email abuse.  Most people are
interested in things that work. Fewer are interested in making things
worse.

I cannot see how you come to that conclusion, (especially not on your
lack of facts you presented).  

Facts were already presented. The working group dissolved.  Look at the
IETF-MXCOMP archives. About 15 different critical, insurmountable problems
were listed by me and others.

It does however well illustrate that there was/is an effort to scuttle
SPF.  Mostly by those with alternative products.  Which is interesting,
because if SPF was not a threat to the alternative products, they
wouldn't try to scuttle SPF.

None of the people speaking about SPF problems have alternative products.  
Some of the people in favor of SPF however have significant investments in
products, or have interests in its other properties, such as preventing
email outsourcing by binding together email and access.  AOL, MSN, etc for
example, have interests in the latter.

The SPF steamroller attempts to move on anyway.

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000