This spam problem is out of hand - the existence of email as we know it
is threaten - forgery is a huge problem.
If ebay, paypal. Etc, etc have to change the way they do business to
accommodate spam reducing email reforms then so be it.
Email WILL CHANGE. Either by legislation or a large entity like AOL or
Microsoft will announce one day that we all have to use their system.
So lets all cooperate and implement SPF and deal with whatever changes
in the peripheral systems that are necessary.
I much rather have the Internet 'geeks' solve this problem - their
solution is likely to not to cost as much.
If the public keeps complaining about spam, I can readily see the
Government legislating some kind of postage system.
Enuff said
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Carl
Hutzler
Sent: Sunday, June 06, 2004 10:44 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] ebay problem
So use the HELO string for this "new field"? Its before data and it is
unusedd to the best of my knowledge.
christopher(_at_)pobox(_dot_)com wrote:
* Convince Ebay to not forge email addresses. (They could due SRS,
for example, or to collect any bounces themselves.)
I *like* the way that my emails through eBay hit the recipient with my
address as the "From" - (they are not figuratively "forged" - I typed
the email in through their web site in the 1st place remember).
It is wrong to try and force other people to do what *we* want,
especially when what they're doing is perfectly reasonable. It is also
wrong (or at least, exceptionally bad manners) to destroy every online
business that makes a living from this kind of thing (eg: greeting
cards etc) instead of adapting SPF to cater for this instead.
I say we should build something extra into the system so that...
A) If the actual sending MTA did forge an address, the receiving
SPF-enabled code can make a check to decide whether or not to allow
this.
B) Add an *extra* SPF field into the spec so that people who want to
forbid this "authorized spoofing" (example: an online bank) can do
so if they're utterly convinced that nobody should ever send mail
as them.
And keep in mind - 99.9% of admin people are going to say "nobody
should ever spoof mail from my domain - period." - and 99.8% of them
are going to be wrong because they didn't think about eBay, PayPal,
greeting cards, web-based office tools, legitimate mailing list
companies, 3rdy party survey organizations, and a load of other legit
things.
Remember - we are creating something that people *are* going to use to
block incoming emails - *we* have a responsibility to ensure that the
barest minimum possible of false positives can result. ISP's don't
want to tell their customers "it's not our fault you missed out on some
auction, it's eBay who refused to obey our new rules who is to blame"
There's 3,100,749 registered subnets out there - so you can guarantee
that some of those businesses are going to get unfairly "cut down" by
SPF unless we write something in that protects their livelihood. We're
all smart - it's not that hard to think up good ways to do this.
Seems like the latter would be the best solution for sites like this
- collect the bounces, and use a code in the Subject (for example)
to identify bounces and alert the other party of a message failure.
They should never have really been sending out messages with someone
else as
the
sender to begin with.
This is indeed NO solution on my opinion, lets point out the facts:
1) we publish for all our 1000+ domains spf records with "-all"
!!!
2) nearly 100% is smooth and clear
3) only some major players like ebay are breaking rfc rules.
A> Exactly. So having everyone stick to the rules is the solution.
but...
ebay is a "must" in our days and if some Mails from ebay will be
rejected with 554 .... our customers will shoot us off to the
moon....
so "who" may convince ebay to obey the rules.... i think some times
they and other make the rules ....
A> What was their response when you contacted them with the suggestion?
on this point Meng shoud intervent at @all major sites to reinspect
their email codes not to send with a envelope sender name of the
intented receiving domain !
to solve this with a hot needle like "if ebay make following if
microsoft do this.... " is not a real solution to help spf !!!!!!!!
A> How is working around people rather than encouraging them to fit
A> within the
A> rules going to "help" SPF? Surely it's going to simply ensure that
the same
A> problem continues for everyone else, as well as for you with the
next site
A> that decides to follow eBay?
so meng please give your opinion for a possible and fast solution to
this dillema !!!
i postet two times to this list but no real answers are comming
back..
my alterenatives for all domains are for now to switch them to
"?all"... rediciolous in my oppinion...
so please help us an me and our customers with a bunch of real
solution for this dilema no only wise tips...
A> Because you're not being very polite about it. Ridiculing those who
A> do
A> respond isn't going to encourage any responses.
A> -------
A> Sender Policy Framework: http://spf.pobox.com/
A> Archives at http://archives.listbox.com/spf-discuss/current/
A> To unsubscribe, change your address, or temporarily deactivate your
A> subscription,
A> please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
--
Carl Hutzler
Director, AntiSpam Operations
America Online Mail Operations
cdhutzler(_at_)aol(_dot_)com
703.265.5521 work
703.915.6862 cell
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com