-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 11 June 2004 11:07 am, Paul Iadonisi wrote:
On Fri, 2004-06-11 at 12:59, Jonathan Gardner wrote:
I am open to other suggestions. I would rather people had previous
notice that their emails will be ignored rather than silently dropping
millions of emails without giving due notice.
"Silently dropping millions of emails without giving due notice" is
absolutely not what SPF is about. This is about rejection before DATA
(at least, many of us hope it remains that way after the 'merger' dust
settles). I consider, and I believe you will find many members of this
mailing list will agree, 'silently dropping' email a *really* bad
thing. Rejecting or (if the PRA can be verified) bouncing are the only
alternatives that maintain any kind of confidence in email as a message
delivery system. Filtering, or 'silently dropping' messages is
something that ONLY the end user should be doing. We can tag and/or
deliver to specific user sub-mailboxes at the system level, but never
silently drop. At least, IMNSHO.
I see the point. So if I am a domain that doesn't publish SPF, and I send an
email to you that is doing SPF-checking, at best you will accept the email,
but it won't get whitelisted, and at worst, my email system will say
"Couldn't deliver the message: Reason was "No SPF records published for
yourdomain"
If I send an email from an unauthorized server after people start enforcing
"-all", I will get a message back "yourdomain does not allow email to be
sent from XX.XX.XX.XX. If you want to send email from that server, you'll
have to adjust the SPF record for yourdomain."
I find the idea of blasting an email to postmaster(_at_)* quite distasteful
and believe it would be hypocritical of us to do so, considering the
focus of this effort.
I see the point now.
That said, I'm sure the articles in Linux Journal were a big help.
More articles like that in other tech journals are a good thing to shoot
for. There was also a significant boost in SPF publishing after the
Spam Conference at MIT in January. More events like that where system
and email admins gather would be appropriate. Those who have press
contacts should be keeping them up to date on flag days and such. There
are a number of other avenues that can be taken, perhaps even including
a separate marketing fund that SPF could maybe take donations for?
So we just keep doing what we are doing because obviously it is working to
the point where AOL feels confident in it.
- --
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAyfv6BFeYcclU5Q0RAuItAKDu5lRycLlPRdrFQuf2pjCMNRlTfgCgmPJ5
2ps1no70Oa/gzO/uvDIeQhQ=
=fWRh
-----END PGP SIGNATURE-----