spf-discuss
[Top] [All Lists]

Re: Calling ISPs: does bandwidth matter to your bottom line?

2004-01-26 11:28:33
On Mon, 26 Jan 2004, Mark Shewmaker wrote:

: > Yes, but the expense comes under the assumption that a body check is perhaps
: > the *only* SPF method provided by the potentially forgeable domain in their
: > TXT record.  If that's the case, then there is no envelope check at all, and
: > it is indeed more expensive to process that message's SPF authenticity.
:
: I can agree with that.

: However, to be fair, a big reason to allow for body checks in future spf
: versions would be to allow for that sort of thing.

And why is that...?

: 2.  "Also consider mail purporting to be from my domain and not from
:     the above IP's, but containing mumble-mumble signature check in the
:     headers, to be from my domain."

Please, for the love of Jon Postel, NO.

(And policy issues aside, I already know that a "signature check" sender
verification flag is likely to get the boot by the majority of admins, thus
reducing said check to the short circuit "unknown" result.  Ick.)

: I would like future spf proposals to allow for that sort of traveling
: salesman scenario

There has been a correct fix for the "traveling salesman" problem for the
better part of a decade now.  It's called "authenticated SMTP," which can
refer to SASL or the earlier POP/IMAP-before-SMTP.  Large ISPs have
implemented this correct fix now for some time.  I would really rather *not*
see backpeddling on this front, as it has made SMTP more reliable and
traceable by several orders of magnitude.

Do you have some other example where body checks would be useful?  I'm at a
loss to understand why anyone should be publishing such records.

What we want is as few "unknown" results as possible, and with what I've
observed of admins wrt message-body checks, adding such things to a later
revision of SPF is likely to increase "unknown"s in the long run.

-- 
-- Todd Vierling <tv(_at_)duh(_dot_)org> <tv(_at_)pobox(_dot_)com>

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: 
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡