Greg,
you made some good points on Thur evening.
Indeed, Sendmail was nicely represented. e.g.:
Eric Allman was there on Wed night and made an inspirational comment.
Dave Anderson (CEO) was moderating on Thur night and managed to keep
things in-line and moving along. :-)
Nate
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Greg
Connor
Sent: Monday, June 07, 2004 10:26 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Review: SPF at INBOX Event
The INBOX event took place over two days (I think) and I didn't go to
the
whole show, but I attended the two evening sessions that were related to
SPF. On the whole it was a *VERY* positive show for us. Here is a
description.
______________________________________________________________________
I will be very brief in describing the first evening event, called
"Accountability Symposium". The event was organized by Margaret Olson
(who
represents Constant Contact and also some responsible email senders
trade
group).
Margaret Olson: Opening comments, description of the forgery problem.
Dave Jevans: Phishing
Omar Tellez: Overview of Anti-Abuse Working Group
Dave Crocker: History of SMTP
Andrew Newton: Overview of MARID working group
Meng Weng Wong: SPF and the New SPF/CID proposal
Harry Katz: Overview of CID, and more about SPF/CID convergence
Ray Everett-Church: Eprivacy Group
Miles Libbey: Overview of Yahoo Domain Keys
This symposium was intended to be a series of overviews, not a working
session. The various speakers were each summarizing one particular
effort,
for the benefit of the general INBOX attendee audience. After the
speakers
were all done, they all sat in front and were subjected to questions
from
the audience.
Looking at the agenda you would assume that SPF wouldn't get much air
time,
but I have to say, I think SPF and MS being united against forgery
probably
had the best impact on the crowd. SPF and CID were the subject of many
questions, and many of the other speakers who did not come there to talk
about SPF gave their words of encouragement anyway. In addition to the
positive feeling generated by SPF/MS having a tentative agreement to
work
together, SPF and CID were also mentioned prominently in the MARID
overview, and SPF was mentioned as a possible tie-in with Y! Domain Keys
as
well.
At least three questions fired at Meng about how this will work and when
it
will start working were answered with "It's working now... but for those
of
you who would like to know more about what happens next, and what YOU
can
do, please be here tomorrow for the SPF BOF meeting." About the third
time
this answer was given there was a bit of a chuckle that went around the
room.
______________________________________________________________________
After the meeting, I went to dinner with Meng and a bunch of others,
some
of whom I didn't actually meet. The Ethiopian place we were headed for
was
already closed, so we regrouped and headed for The Cheesecake Factory.
(This restaurant kicks ass... if there is one near you, you MUST go.) A
good time was had by all.
Those whom I can remember were probably either in the car I was in or
seated near me...
Meng Weng Wong, Pobox
Martin, Inbox Technologies
Michael Py
Suresh R., Outblaze
Carl Hutzler, AOL
Dan Quinlan, Spamassassin/IronPort
Add others whom I forgot or didn't know for a total of 12 diners.
We talked about SPF a bit, but mostly we talked about spammers,
anti-spam
activists, and our favorite techniques for stopping spam. I got to
shake
hands with both Carl and Suresh, both of whom I admire from reading
SPAM-L.
After a brief detour to get Meng's ransomed luggage, we returned to San
Jose and went our separate ways.
______________________________________________________________________
The second day was the SPF BOF (Birds of a Feather) session. The room
was
not packed as tightly as the night before, but I would estimate there
were
still about 100 or so people.
About the first half of the session was a quick overview of where we
have
come so far, and what we believe the next steps are, followed by a long
series of questions from the audience, mostly of the form, "How are we
going to get X person or group to do Y task?" Most of those were
answered
by someone actually from the group in question saying "Yes we can do
that",
or in a lot of cases "Actually, we have already done that."
There was also widespread repeating and approval for the ideas that
1. We are not trying to solve spam
2. We realize that stopping forgery will take a number of steps,
possibly
10, 15, 20 or more, and that we can really only see the first 3 or so of
those steps from where we stand now. In other words, the work we are
doing
is Necessary, But Not Sufficient to stop all forgery.
3. We are heading in the right direction. Minor course corrections
are
still possible, but we benefit more by keeping the fleet together than
we
would by going separate ways and arriving at an intermediate step
sooner.
Notable mentions include:
We agreed to use "SPF-ID" as a working name for now.
Sendmail Inc. was represented by an exec and a couple developers, all of
whom said they were committed to implementing the new SPF-ID
Carl from AOL announced that they would be using SPF to manage their
whitelist entries, and that people wanting to be on AOL's whitelist
would
be required to publish.
Dave Crocker gave a presentation. (Sorry I don't have notes from
that...)
Dennis Dayman from Verizon also announced that they were publishing
records
as well.
I personally spoke up a couple of times to raise points or questions.
1. We have talked a lot about the negatives of spam and abuse and the
behavior we want to stop, as well as the things that might break. There
is
also a positive side to all this, and that is the positive benefit to
users
of seeing a validated address. We need to punch up this selling point
and
make this a positive side of our marketing message. We need to sell not
just email professionals, but end users on the concept of verification.
We
need people to like it and tell others about it so that they will go ask
their ISP, "Why don't I have check marks showing validated emails"
2. Large players can help the community at large by reporting their
progress, as well as reporting the statistics of the mail that comes in.
For example, if a large mail receiver says that their incoming mail
still
not compliant with SUBMITTER/PRA is 99% spam, that is useful information
to
everyone else. They can also tell who the non-compliant forwarders are
and
start to put pressure on them.
Meng announced that the official garment of SPF was the black poncho,
and
gave one to Carl and another to Dennis Dayman from Verizon.
Meng said: people can publish the SPFv1 stuff now, and implementors
should
get started with the SPFv1 spec. In terms of milestones, the new MARID
stuff won't be done till end of June or in fact August, but the SPFv1
semantics are at the core of the MARID work anyway so they can just
repurpose the code when the time comes.
The final closing statement was a call to everyone to publish SPF
records
now, and a show of hands of anyone who is not able or willing to go back
to
their company and make sure SPF records get published. The results were
encouraging: none :)
______________________________________________________________________
I managed to tag along with Meng and a few others, and this time we made
it
to ethiopian food. The food was wonderful and the staff was great (Zeni
Ethiopian on Saratoga Av.)
As a result of both days, I trundled on home, feeling quite positive
about
the future of SPF, CID, MARID, etc. (I should probably do another
summary
that covers MARID, interim meeting, merger talks, etc. I think MARID is
going to turn out to be more important to us than even MS)
Even after reading the list the last couple of days, I am still not
discouraged. I am still quite optimistic.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com