I'm not bending the internet to my will. I take offense to this as I am not
doing ANYTHING of the sort. And no one is forcing you to comment. Silence
is your other option. :-) This type of rhetoric is nonsense. So please
throw it else where if you don't mind.
Of course, the product has a whitelist component to it. Of course, like
with everything else, there are (although extremely rare) False Negatives.
The fact is, most good mail from good running systems, not bad running
systems, and most bad mail does come form bad running systems - that is why
the new wave of anti-spoofing technology has emerged. If all spammers why
good smtp compliant systems, then we wouldn't be in the mess. In any case,
by far nearly 100% of the time, as it as the natural course of action for
most systems, if it was legit, you will get some kind of notification or
feedback one way or another. Someone will report it. Just like Rolf did.
But he choose to make an issue of it with unknowledgeable snide remarks.
The irony of course, he didn't even have a SPF record which would of made
it a non-issue. :-)
From a design standpoint, something like the timeout issue will only be done
as an increase coupled with the 45x response for timeouts. However, it is
rare to see this. It is a non-issue in my book, and trust me, if it was a
problem, I'll be the first to address it. I'm too old and too experience of
an engineer to have regrets. For what its worth, wcSAP has been out for 5
months now in over 25 beta sites hand picked from small to 500K+ messages
per day systems intentionally selected around the globe to get different
perspectives, from South America to Europe to Asia. There is no doubt in
my mind the system is an overwhelming success to address the current
behaviors of spoofing spammers at the smtp level. It goes to gamma in about
1 week and that about 500+ gamma systems.
Once again, I wish to repeat, it (CBV) is the only the final test in a suite
of 4-5 test performed.
later
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
----- Original Message -----
From: "David Brodbeck" <gull(_at_)gull(_dot_)us>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, March 15, 2004 11:50 AM
Subject: Re: [spf-discuss] Latest proposal re HELO checking: make HELO tests
optional
On Sat, 13 Mar 2004, Hector Santos wrote:
The reality is, the CBV, believe in them or not, are real. They exist
and
they will continue to exist and grow.
Probably true, but I feel that arguing with people about this is pretty
pointless, at least for me. There are always going to be a certain number
of "problem children" and nonstandard systems out there. If they're ones
I care about, I whitelist them. It's easier than arguing about whose
interpretation of the RFCs is the correct one and keeps me out of
religious arguments.
If you're going to run something non-standard like CBV, you have to take
the responsibility for maintaining a whitelist of hosts it doesn't work
with if you want to receive mail for those hosts. Trying to get the whole
internet to bend to your will won't work.
Just my two cents.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200403.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com