ietf-mxcomp
[Top] [All Lists]

Re: Trouble with Sender Authentication

2006-11-10 10:42:29

On Fri, 10 Nov 2006, Julian Mehnle wrote:

If money never changes hands, how come the SPF support team gets support 
requests like the following?

| Topic: Support request
| Name: M* P*
| 
| My e-mail at Mp*(_at_)*(_dot_)net is not compatible somehow with you 
recieving
| messages.  Please use my alternate e-mail address at 
m*p*(_at_)yahoo(_dot_)com(_dot_)  My 
| question is-where are the meds I ordered?  Payment has been deducted from
| my bank account, but I have recieved no meds.  Thankyou for your
| help..................MP*

These questions happen to real businesses all the time, and don't
usually represent frauds, but rather honest mistakes; mistakes that the
business corrects promptly.  You example doen't show any evidence that
the person in that case was defrauded.

(Yes, I had a good laugh when reading that.)

Too bad. I'm sure your job isn't for your amusement.  Wait....  You are
handling support for a pharmacy?  A genuine commerical bulk-emailing
pharmacy?

Oh, right, next you're going to claim that this was a legitimate
buying transaction with a non-spammer, not some poor bastard falling
for a spamming fraudster (before then also tripping over an SPF policy
violation).

Yes, you forgot to mention whether the person bought a product from a
CAN-SPAM compliant emailer, or using a web site not involved in bulk
email, and then just had a problem with email, later.  Funny that, huh?  
But it seems to have come from your company....

But you do have a point about there existing real frauds.  However, real
frauds are already crimes. SPF is not going to stop real frauds, nor
real criminals.  Criminals will put up SPF records. Spammers were in
fact the early SPF adopters. Criminal con-artists used to (probably
still do) rent storefronts, too, to appear legitimate during the con.  
The notion that SPF records somehow prove email legitimacy just helps
promote frauds by confusing users about what defines legitimacy.

I'm not saying that there aren't real frauds out there.  But I am saying
that the 600 spams I recieve a day mostly do not represent real frauds.  
Only about 70 of them represent genuine commercial bulk emailers.  
Practically all of the ~70 are CAN-SPAM compliant That leaves an awful
lot that are neither real frauds, nor genuinely commercial.

                --Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   


<Prev in Thread] Current Thread [Next in Thread>