In <20040210203849(_dot_)GW6151(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

> We've been trying to convince Unix MTA authors to incorporate SPF
> support. This effort has met with limited success. [...]
>
> The fact remains that to date, antispam vendors have been much, much
> more receptive to SPF than the MTA community. [...]

I think that the reluctance we are seeing from MTAs is mostly due to
the code maturity levels. The patches to the MTAs are new, the SPF
implementations are new, and the SPF spec is new. For those who don't
understand SPF, this looks like a very high risk item.

Anti-spam vendors are used to having to deal with fuzzy answers that
may be wrong or misleading. If the SPF check gives the wrong answer
in an anti-spam product, there is a good chance that other parts will
correct for it. MTAs, on the other hand, either accept or reject the
email. If SPF is wrong, there is no fall-back.

Anti-spam products are usually run as unprivileged processes, often
long after the email is off the mail server. MTAs have to have
certain privileges to open port 25 and write to mailboxes and such.
They are also exposed directly to the Internet. A remote root exploit
or a DoS attack just can not be allowed. Anything as complex as SPF
is going to need a lot of study before it is trusted.

Many people who are on this list have done the studying of SPF to make
them feel relatively comfortable with putting SPF into MTAs, but we
are the exceptions.

To be honest, I think trying to push SPF into MTAs right now is doing
far more harm than good. It looks rushed, and that makes the
conservative MTA folks feel even more nervous.

-wayne