spf-discuss
[Top] [All Lists]

RE: Using headers instead of SRS

2004-01-25 13:11:03
On 01/25/2004 at 19:27 it was written:

[...]
Perhaps I'm being too paranoid, but let's say SPF causes spammers to
change  their behavior, but they adapt relatively quickly, and scramble
the  envelope sender to not match the headers.  If SPF causes relatively
little  pain for spammers, and much more pain for forwarders,
administrators will  find themselves looking at alternate proposals.  If
that happens, let's be  ready with v2.
[...]
This is actually a good enough argument to address this issue in SPF1
rather than wait for SPF2... The loss of confidence and faith among
administrators under SPF1 would adversely affect the implementation of
SPF2. This could easily jeopardize the viability of SPF being implemented
worldwide...

I don't think so. SPF will force spammers to use one of their own domains 
fpr the envelope sender. No matter what the user would see in the message, 
we will have a valid domain that belongs to the spammer (or at least its 
owners allows sending spam), so we can use this to block spam in the SMTP 
dialog. Blacklisting domains will be possible again.

I agree, the idea of stopping joe-jobs is _great_. Thereby forcing UCE 
perveyors to use their own domains would help us all immeasurably (the latter 
half being a system outside the realm of SPF).

But, if email administrators do not even implement/adopt SPF because of the 
affects it has on forwarding, then the first admirable goal of the SPF 
implementation is pointless (because we will never get there).

That is why I am concerned about the affects on forwarding now, rather than 
later...

I can even say that for our own MTAs, we are taking a little tighter stance on 
forwarders on individual accounts. It will be a stance that makes this 
particular issue a non-factor for our firm. But, I also know that this is not 
necessarily a case for many other email administrators. This has to be an issue 
that is considered thereby.

So it doesn't matter how much the content of the message is verifiable - 
the fact that we can reliably use the envelope information to filter spam 
against blacklists will be enough, IMHO.

Yes, content is not a factor here at all.

Cheers!

================================================================
Steven G. Willis     sgwillis(_at_)deepskytech(_dot_)com       772.794.9494
Deep Sky Technologies, Inc.          http://www.deepskytech.com/
http://www.badchickens.com/         http://www.store-secure.com/
AIM-iChat: dstisgwillis
================================================================
A: Yes.
Q: Are you sure?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting frowned upon?
================================================================

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ëù1Ií-»Fqx(_dot_)com