spf-discuss

Re: Forwarders

2004-01-11 15:59:38
Dear spf specialists and discussants, 

I'm running but a few servers for a university institute, and maybe I'm
missing the point - if so, please forgive me. Fighting spam is obviously
a good thing (TM), but I'm somewhat uncertain about the relative merits
and problems of your approach. 

Right now, I'm free to use each and any of a couple of email addresses I
have, and send messages through servers that use one of a few ways of
authentication (AUTH with DIGEST-MD5 or TLS with authentication by
certificates).

With spf, I'd be out of luck since I'm using a DSL dialup line quite
often, and have different IP numbers all the time. I have no authority
over the DNS server for the boxes I run at my place of work, so I
couldn't possibly have spf records installed for the (large...) IP space
allocated to my DSL provider. If I could talk the DNS people into
installing such records, all the bad guys using the same provider could
use our servers to forward spam mails. To make a long story short: Your
spf system would impose major restrictions on my use of e-mail and still
could be circumvented.

What about Johnny Spammer - why shouldn't he buy a class C network, set
up a DNS service complete with spf records, and a couple of MTAs, and go
for his ugly business? 

As far as I can see, Johnny Spammer earns profits from his mailings. He
will not stop spamming if he can buy around the measures taken against
this activity with a comparatively small amount of money, will he? 
Regrettably, that's what I thought about after reading your "let the
market decide" comment.

On Sun, 2004-01-11 at 14:37 -0500, Meng Weng Wong wrote:
> The most vocal objectors to SPF tend to be those who, in one way or
> another, built the existing system and are comfortable with it.
> Developers of mature MTAs eg. Sendmail and Postfix should be expected to
> take a conservative stance with respect to any new technology, and
> rightly so: that's their role.  It's our job to disrupt them by giving
> the world a better way to do things, and let the market decide.

Hey come on. In a previous message on this discussion list, I read a
suggestion to "evolve" mailing lists into IMAP servers - why not remove
the tires from a car and add helicopter blades: This will definitely
allow you to forget traffic jams in rush-hours - but what you end up
with is no longer a car ;-)

> One of the architects of the current SMTP model wrote to me with his
> list of objections.  His criticisms were all valid, but when I got to
> his conclusion, that "this will never work because I say it won't", I
> couldn't bring myself to agree.  But the point of the story is, in his
> .signature, he had his email address encoded with "to figure out my
> email address, take my first name, leave off the NOSPAM, " at "
> something " dot " "com".
>
> This is someone who built the current email infrastructure, and he has
> to resort to "NOSPAM" notation to hide from spammers?  And he says SMTP
> isn't broken.

No, the point is that he had "valid criticisms". Why don't you cite and
comment on those criticisms? 

SMTP would be broken if it had been designed to be spam-safe - but take it
as a fact: it wasn't. Saying SMTP is broken because it is not safe
against spam mails is equivalent to noting that cars are broken since
you can end up in an ugly traffic congestion if you use them.

The "NOSPAM" notation, in contrast to the spf proposal, does not impose
any restrictions on current emailing procedures. Its efficiency in
stopping spam may be low, but remember: the costs it imposes on email
users are nil.

Best wishes and regards,
Yours

Ernst


-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
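
The cases argued in this message can be run through a reduced SPF evaluation. This is an added example, not part of the original post or of any SPF implementation; it handles only the ip4, ip6 and all mechanisms, and every domain, record and address in it is constructed (documentation ranges).

```python
import ipaddress

# Constructed sample data: published SPF records keyed by envelope-sender domain.
SPF_RECORDS = {
    "institute.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "bulk-sender.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, domain, records=SPF_RECORDS):
    """Return the SPF result for the connecting client IP and sender domain.

    Mechanisms are evaluated left to right and the first match decides.
    Only ip4, ip6 and all are supported in this reduced example.
    """
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"  # mechanism outside this example's scope
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    cases = [  # (what the receiver sees as client IP, envelope-sender domain)
        ("198.51.100.77", "institute.example"),  # sent directly from a dynamic DSL address
        ("192.0.2.5", "institute.example"),      # relayed by the institute's own server
        ("203.0.113.9", "bulk-sender.example"),  # bulk sender using a domain it controls
        ("203.0.113.9", "institute.example"),    # same host claiming the institute's domain
    ]
    for ip, dom in cases:
        print(f"{ip:15} MAIL FROM @{dom:20} -> {check_host(ip, dom)}")
```

The check runs against whichever address connects to the receiving server, so mail handed to the institute's relay over authenticated submission is evaluated on the relay's address rather than the DSL one. A pass for a domain the sender controls says nothing about the content, only that the domain name was not forged.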

