ietf-mxcomp

Re: draft-schlitt-spf-classic-01.txt

2005-06-04 08:35:39

On Fri, 3 Jun 2005, Alan DeKok wrote:

  I have vanity domains where I'm the only person with mailboxes at
the domain.  I *am* the accountable administrator for that domain, and
I would like to be able to state so.  I would like to be able to say
publicly that any message not from me, using mailboxes at my domain,
is forged.

And just what benefit is there to being able to do this?  

I too, have pet peeves: I would like cats to use the toilet--I am sure
there is benefit to that.  But I am not so sure it would be worth millions
of dollars and the significant additional harms such as are involved with
SPF.

Abuse targeted at one particular domain is enabled by SPF in spades---it's
called 100% blowback.

Alan, you've been subjected to significant mail abuse in the past. I
understand that you'd like to prevent mail abuse.  But this abuse isn't
spam, and SPF won't solve the problem of people trying to mailbomb you:
SPF makes it worse.  You will get mailbombed by <insert large ISP here>'s
mail servers sending you bounces. This is called blowback. It happens a
little bit whenever mail is forged. SPF can make it happen 100%.  It would
be impractical to block <large ISP>'s mailservers, so the SPF blowback
problem is much worse.  In your case (and in many cases of email forgery),
the mail is forged in order to generate hate mail and otherwise annoy you.
__You__ are the target. __You__ are being harassed.  Unfortunately, there
is no technical way for you to stop your harassers from harassing you.  
If you take away one toy, they will use another.  In this case, you are
giving them a new toy that is much worse because it is easier to abuse,
generates more abuse per message, and is harder to prevent abuse.

I am writing a paper on why SPF is fatally flawed, since its proponents
haven't yet addressed or even acknowledged the analysis and flaws
previously raised on IETF MARID working group---and since I've also
recently learned that they have been spreading false rumors about 'why
things did not progress at the IETF MARID working group.' They've
apparently been telling people that there aren't any technical problems
with SPF, and that things did not progress at the IETF for 'non-technical'
reasons.

                --Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000