spf-discuss
[Top] [All Lists]

Lawsuits, angry business users, and SPF stupidity.

2004-01-13 04:56:29
Hi,

I hate spam, but just like 99% of all other business email users, I
can *never* afford to loose even as much as *one* email - EVER.

I strongly object to you guys forcing my ISP to trash my incoming
email without my permission.  I VERY strongly object to you guys
forcing my recipients ISP to trash my incoming emails without my
permission.

What advice are you giving to people implementing SPF as to their
legal risk when they trash legitimate customer emails?

In case you didn't already know - it's also a criminal offence in most
countries to intercept emails.  What legal advice are you giving to
ISPs about their criminal risk?

As publishers of software and standards which perform criminal+illegal
activities, and immoral purpose (erasing emails without sender or
recipient consent), what do you believe your own legal risk to be?

Finally, I run a (pay only, non-spam) personal remailler service which
legitimately maintains the real senders address (and due to MDN/DSN
standards, must maintain it in the envelope as well as other areas).
You SPF idea has the potential to (A) Destroy my legitimate business,
along with everyone else who operates anything similar, and (B) Puts
me at legal risk due to my customer emails not reaching their intended
recipients due to your SPF foolishness.  Should I ever get sued, I will
be forced to try and recover costs from someplace - either the
recipient ISP, or the SPF software authors (the latter being the most
likely, since the ISP will hide behind that excuse or risk criminal
prosecution as well).

And while I'm on the topic - what is the point of SPF??? - connecting
to the senders MX server and VRFY: or RCPT TO: should solve most
problems, and if you want to implement sender authentication, a new
SMTP request could be written, like "SPAM?: <sender> <recipient>" when
the senders MX server verifies whether or not that sender recently
sent any email to that recipient. TaDa - all problems solved, and no
collateral damage.

Of course - the best idea is a digital signature system built into
clients with revocation for spammers - but I notice that you carefully
avoid mentioning anything that has the prospect of working better than
SPF in your links. Tch tch tch.

What the internet REALLY needs is an "I am not a spammer" system so
that me and the businesses I correspond with can buy a 100% guarantee
that our email will never be trashed by the crazy anti-spam rules that
you and everyone else is busy dreaming up all the time (and yeah -
with revocation so spammers can't abuse it).

Kind Regards,
Chris Drake

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡