spf-discuss
[Top] [All Lists]

Re: on CAs as reputation providers; an argument for metric-based reputation services

2003-12-13 14:26:10
--Dan Boresjo <dan(_at_)boresjo(_dot_)demon(_dot_)co(_dot_)uk> wrote:

On Friday 12 December 2003 7:29 pm, marrandy wrote:
What has this to do with the SPF system ?

The thread was discussing the proper relationship between a sender
authentication scheme (which SPF is) and sender reputation schemes.

My view was that SPF is correctly making as few assumptions as possible
with  respect to the design of such a reputation scheme. This was
challenged as  wrong in preference to integrating a one-size-fits-all
reputation scheme into  the authentication system. Or at least that is
the impression I got.


Agreed. Intentionally forging someone else's name is almost always bad. Spammers can totally get around SPF by using their own domain. SPF doesn't try to prevent unwanted mail, only *forged* mail.

Forgery incurs additional costs, such as time spent analyzing to find the *real* sender, wasted messages to the forged domain that can't help to stop the spammer, etc.


To the original idea, I agree with you that trying to do too much would spell doom for SPF or anything else claiming to do-all and be-all of spam. Spam is a *hard* problem, and it's going to take many, many, different tools and efforts to fight it. SPF shouldn't attempt to solve other problems, not even very important ones.

Given that, other factors that make a message "unwanted" or a domain "not trusted" are beyond the scope of SPF and probably this list. Most lists tolerate some amount of off-topic chatter, and that's good, but I usually prefer to wrap it up briefly and recommend some other place for people to go for more detailed conversation about it (like SPAM-L maybe)...

--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡


<Prev in Thread] Current Thread [Next in Thread>