In <20031218222113(_dot_)GP31242(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
Vernon Schryver reminds me of this Arthur C. Clarke quote:
If a distinguished but elderly scientist says something is possible, he
is almost certainly right. If the same distinguished but elderly
scientist says something is impossible, he is almost certainly wrong.
I'll play devil's advocate here and defend Vernon.
That is nice, but the truth is that it is wrong. The safe money is
almost always on a project/company to fail since far more
companies/projects fail than succeed.
Vernon generally knows what he is talking about and is very good at
detecting and slicing through bullshit. Considering the number of
completely kooky anti-spam proposals that show up every week in NANAE,
having a knee-jerk response that the proposal is kooky is a safe bet.
I suspect that Vernon's "You might be an anti-spam kook if..." web
page is in part due to me and my "discussions" with Vernon about
SPF and I suspect that Vernon has me killfiled. (The FUSSP web page
is clearly due to many other factors besides me, the ASRG list in
particular.)
(see http://www.rhyolite.com/anti-spam/you-might-be.html )
Vernon raises a bunch of good questions, such as:
1) Designated-sender proposals have been around since the 1980s. They
have never caught on. Why should one that is proposed now be any
different? (IIRC, this question is address on the SPF website and
I agree with the answer. It is still a good question though.)
2) The SPF proposal will not make a significant impact on most UBE
until it is very widely deployed. (I agree with this, but SPF
solves many other problems long before then.)
3) There is a lot of overhype on the SPF website. (Many techies are
immediately turned off by any level of hype.)
4) If SPF was "real", it would have deployed working code long ago.
(I somewhat agree although, as is often the case, problems are not
as simple as they first appear.)
5) Designated-sender proposals confuse "magnitude" with "direction".
Yes, designated-sender systems would move things in the right
direction, but they will do so little to reduce spam that they are
a waste of time. (I disagree, see below.)
6) The sender-rewrite system is just plain UGLY! (I completely agree,
and I know of no one who disagrees.)
If Vernon's argument is that SMTP+SPF is inferior to a spam-free SMTP
without SPF, I would certainly agree. But "plain SMTP" ceased to exist
ten years ago. It got replaced by SMTP+spam. I would rather have
SMTP+SPF than SMTP+spam.
The thing I like about SPF is that it addresses a different class of
UBE than most other anti-spam systems. Bulk email detectors, such as
DCC, do a great job with mainsleeze. DNS blacklists stop very spammy
sources. Content filters can catch a lot of UCE. System that detect
deceptive practices catch a lot of UBE that tries to get around these
other systems.
SPF, however, addresses a lot of UBE that comes in the form of bogus
bounces, bogus challenge-response messages, bogus virus warnings and
other types of cruft that is all caused by trivially forging email
addresses. SPF plugs a hole that isn't easily plugged any other way
and when you consider how effective things like SpamAssassin is at
plugging most of these spams, SPF is not only moving in the right
direction, but it has a significant magnitude.
-wayne
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡