spf-discuss

Re: softfail considered harmful

2004-02-19 08:08:28

----- Original Message ----- 
From: "Brian Candler" <B(_dot_)Candler(_at_)pobox(_dot_)com>
To: "Hector Santos" <winserver(_dot_)support(_at_)winserver(_dot_)com>
Cc: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, February 18, 2004 6:51 PM
Subject: Re: [spf-discuss] softfail considered harmful


On Wed, Feb 18, 2004 at 07:47:31AM -0500, Hector Santos wrote:
A True Positive can not be trusted 100%, where a True Negative has a 100%
trust value:

      0 < trust positive < trust negative = 100%

An example of a True Positive would be a SPF compliant spammer who said
"wow! maybe I can sneak in if I add a SPF record!"

Erm, I think there is a distinction between:
(1) trusting that this mail came from domain X, and
(2) trusting that this mail was not spam

In my technical view, at the protocol level, SMTP has no business in the
"fuzzy" world of mail content interpretation. The SMTP interest is only
that the client/server transaction is "valid," however that can be achieved.

So as far as I can see, the level of confidence you can have in either a
positive or negative answer from SPF is about the same.

Not at all. Hmmmmmm, I think I understand your position. Did you make the
assumption that SMTP is not going to reject at the protocol level?

A system that says only machine X is allowed to send mail provides a 100%
trusted rejection result when machine Y is rejected for trying to send mail.
On the other hand, mail from Machine X still needs to be further tested.

The difference is this:

SMTP now has 100% trusted decision making ability to reject a transaction at
the protocol level. This is what is missing in the SMTP process today.
Hence why we have the problem in the first place. Little to no reliable
way of "rejecting" anonymous access transactions.

With a SPF pass result, SMTP can not confidently make a decision to reject
the message (which like you said, could be spam). But it must move on to
the next step and if there is no other testing to be performed at the
protocol, then you accept it and let some post validation or mail filter
system take control.

This form of post validation operation is what the SORBIG-generation email
viruses feed on. They love systems that are going to try to bounce mail.

If you reject at the protocol level, you have no bounce.  That is a major
big difference.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
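
An added illustration of the decision described in this message, not part of the original post or of any SPF implementation: a receiver evaluates the sender domain's policy at MAIL FROM and refuses a fail inside the session, while pass and softfail both continue to later filtering. The policy table, domain names, addresses and function names are constructed for the example, and only the `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample policies (documentation address ranges, not real domains).
POLICIES = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "soft.example": "v=spf1 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(record, client_ip):
    """Evaluate a record using only the ip4 and all mechanisms (a subset of SPF)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:           # skip the "v=spf1" version tag
        qualifier = "+"                       # default qualifier when none is given
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"                          # no mechanism matched


def mail_from_reply(sender_domain, client_ip):
    """Return (smtp_code, next_step) for the MAIL FROM stage (hypothetical hook)."""
    record = POLICIES.get(sender_domain)
    if record is None:
        return 250, "content-filter"          # no policy published: nothing to enforce
    result = spf_result(record, client_ip)
    if result == "fail":
        # Refused inside the transaction: the connecting client gets the error
        # and this server never generates a bounce to the claimed sender.
        return 550, "rejected-in-session"
    # pass only says the host is authorized; softfail and neutral are not
    # definitive. All of them move on to later checks.
    return 250, "content-filter"
```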


