spf-discuss

Re: a grand unified theory of MARID (blame me!)

2004-06-21 17:58:01
G.Connor said:

Excellent. All is well. Now the trick will be to write this up as Yet Another Draft.

Who's likely to do that? Meng?
I'd marked up the latest (May) SPF draft a bit, thinking I'd have to go my own way on this.
Now I expect I won't.
A lot has happened since it was published. PRA, SUBMITTER, XML, and unified are being considered.

I did find one suspected error and a nit in the process. I'll post about it in a new thread. Other than that, the changes were little more than a few s/MAY/MUSTs.


On 6/21/04 6:11 AM, spf(_at_)kitterman(_dot_)com sent forth electrons to convey:

...

Now that there has been more exchange, it sounds to me like all you are
suggesting in terms of data checking is that the current, "SMTP+SPF
receivers MAY check the HELO argument and MUST check the return-path" should
be changed to "SMTP+SPF receivers MUST check the HELO argument and MUST
check the return-path".
This is exactly the change I'm supporting.

If that's what you are proposing, then that's OK
from my perspective.  You are right.  That wouldn't hurt me a bit as long as
we remember the "if HELO is a FQDN" part.
:)

I see from a quick Google search you proposed this same thought on the MARID
list last month.

http://www.imc.org/ietf-mxcomp/mail-archive/msg01175.html
Yes - in fact, I included that URL in my post here, and said so. :) (I tweaked the wording a bit, so it's not quite the same.)

I'm still uncertain.  Are you saying that an advantage of your plan is that
I'm going to get blacklisted if someone forges my domain name (as they do on
a daily basis now) if I don't get them blacklisted?
I don't think so. Let's see how this would work. If you either don't try to, or try but fail to get the forger of your domain blacklisted or shut down, it won't reflect poorly on your domain; it'll reflect poorly on the domain that is allowing the forgery. It'll be SpammerFriendlyISPWithAnUnresponsiveAbuseDeskAndAnSPFRecord.dom, so it won't be your domain. So you're not being coerced to get the forger of your domain blacklisted, or get the SpammerFriendlyISPWithAnUnresponsiveAbuseDeskAndAnSPFRecord to take action. Plus if you take no action, and the forgery is from a spammer, it'll get taken care of anyway - other actors will cause the forger of your domain to be blacklisted, or get the SpammerFriendlyISPWithAnUnresponsiveAbuseDeskAndAnSPFRecord to take action.

Would you please expand upon this idea?  It sounds to me like this idea is
very dangerous to me and I want to stay far away... (but perhaps I just
misunderstand the proposal)