[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-11-30 06:05:57
Hash: SHA1

In message <1448858775386-ceecd236-8b11ac04-a03b4438(_at_)fugue(_dot_)com>, Ted
Lemon <mellon(_at_)fugue(_dot_)com> writes

you seriously think that Google has special-case header parsing to deal with 
spam from Cornell students' infected computers?   No, they just use machine 

... and one of the things that the ML will be processing will be the
(tokenised contents of the) header fields... so having a pattern (of any
kind) within the header fields has the potential to be extremely helpful
in distinguishing good from bad

SPF allows me to discard all messages that claim to be from domain X but come 
from IP addresses not listed for domain X, which means that I never have to 
write a Received: header for that message.

It rather escapes me how one of your users will be able to determine
whether you received the email from a domain which had SPF at the time
at which you received it unless you record that information along with
the email (or do you think that DNS results are constant for all time?)

If you're relaying the email on to somewhere else then you're assuming
that there's a mechanism by which your policy regarding SPF becomes
known to those other people.

I'm unaware of such a mechanism existing at the moment -- and (this
might be relevant to charters, albeit I really don't think that there's
any real mileage in this topic at all) that although we have a scheme
for originators of email to publish policy recommendations about the
handling of email from their domains we don't have a similar policy for
relaying machines (and absent a Received header field it's unclear to me
what indicator we'd use to look up what that policy was).

  If there is no SPF for the domain 
that sent the message, I would like to just discard it as spam, but that's not 
safe to do because so many small sites don't implement SPF or get it wrong.   
But in any case where there is no SPF record, the site is definitely not 

that's a shame, I consider myself very trustworthy and I've never
bothered with SPF :-(

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

Version: PGPsdk version 1.7.1


ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>