On Tue, 2004-05-04 at 12:57, wayne wrote:
fyi;
I thought this was a nice summation of what has been happening with
SPF and the IETF. I disagree with Larry's final paragraph, but that's
about it.
http://www.eweek.com/article2/0,1759,1583421,00.asp
I completely disagree with his final paragraph also. How long has
everyone sat around bickering about what to do about SPAM? Man, they've
been arguing SO long everyone seems to have forgotten what the real
problem is. Probably the largest gaping hole in any internet
technology, is not only still a gaping hole, but its a gaping hole thats
been integrated into internet society, and now we're in a REAL
predicament. There are those who wish to remove the hole, and there are
those who wish to keep the hole because of its unfortunate "benefit" of
enabling things like forwarding services.
Whats particularly impressive is how its taken the vision of a man who's
bred and butter is exploiting this very hole. What a contrast, and who
better to develop a solution to this hole? This vision which has now
come to fruition through an open-source initiative, is pretty much the
first real stab and solving the actual problem here.
How many millions of dollars have people wasted on useless anti-spam
products when the solution is a combination of fixing a gaping hole and
implementing sender authentication? Most if not all of the solutions to
date are the equivalent of simply arresting escaping prisoners from a
correctional facility, but never fixing the method they are using to
escape in the first place!!
Its been way too long coming, and something needs to be done today. I'm
not sure about Yahoo but I'm pretty sure we all understand Microsoft's
reasons for getting into bed with anti-spam/forgery technologies, and
thats to make money and exercise domination over said technologies.
When you write something thats designed to make money, the product is
often (in my experience) skewed in functionality to facilitate making
more money, or a stranglehold over it to prevent competition from
entering the arena or the participators to get out.
Patent, Patent, who's got the Patent?
http://www.eweek.com/article2/0,1759,1583421,00.asp
http://news.com.com/2100-1013-5147390.html
http://www.internetnews.com/dev-news/article.php/3312091
I wonder if Microsoft's quest for XML patents has anything to do with
their idiotic use of XML within their C-ID query language. While the
XML standard is royalty-free, the successful acquisition of this patent
by Microsoft could be used to prevent interoperability with Microsoft
products, IE being unable to open a document created by a Microsoft
product with another third party product. Applying this logic to SPF
vs. CID is not a stretch in my opinion. I think its quite clear how
Microsoft gets what it wants.
The "patching" or "repair" of the SMTP protocol should not be left
within the influence of an organization such as Microsoft. Lets take a
look at how they behave:
http://www.eweek.com/article2/0,1759,1565851,00.asp - "InterTrust first
filed suit against Microsoft in 2001, alleging that the software maker
violated 11 of its patents with Windows, Office, Windows Media Player
and Xbox."
Microsoft settled for $440 Million.
http://www.eweek.com/article2/0,1759,1561360,00.asp - "... ends Sun's
antitrust litigation against Microsoft, it also ends a dispute over
infringement on Java technology patents that played a role both in the
latest case Sun had filed against Microsoft in 2002 and the one the
companies settled in 2001, a Sun spokeswoman said."
Microsoft settled for $900 Million.
http://www.eweek.com/article2/0,1759,1566299,00.asp - "During the past
two years alone, according to the U.S. Patent and Trademark Office's
online search server, Microsoft has received about 1,000 patents, or an
average of 10 a week."
Things that make you go Hmmmmmm?
I think we all know that the schoolyard bully just likes to walk in and
assume authority over whatever issue it deems currently financially
exploitable. How does a company with the legal team the size of
Microsoft happen to blatantly bulldoze over patent after patent? I
don't think we want to put into practice anything even remotely
associated with a business who ethical practice lays mired in patent
infringement and anti-trust allegations.
To bring things back on track, and focus on my original comment which
was to agree with Wayne as regards the final comments in the referenced
eweek news article, SPF is not moving too fast. I do not believe this
to be a case of "well anti-spam/forgery initiatives to date have moved
like molasses in January, lets straight line the methanphetamines and
get a move on!", its movement appropriate to the necessary to the task
at hand. Given the substantial number of adopters and thus amount of
real-world testing, combined with the intelligent and considerate
roll-out proposed, the speed with which this train is moving is
appropriate.
What is the WORST thing that could happen? People would stop publishing
records, and deactivate support in their MTA's? Oh no! Someone call
the fire brigade! We must save the children! What about the children!?
Just my $0.02.
Cheers,
James
--
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scehem library
-----------------------------------------------------------------
PGP: http://gpg.mit.edu:11371/pks/lookup?op=get&search=0x6E0396B3
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200404.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
signature.asc
Description: This is a digitally signed message part