spf-discuss

Unified SPF and "layers" & draft-ietf-marid-rationale-00.txt

2004-06-28 10:37:53
On 6/26/04 7:34 PM, Seth Goodman sent forth electrons to convey:

From: Matthew Elvey
Sent: Friday, June 25, 2004 3:47 PM



<...>

Did you not read my post explaining how Unified SPF actually does
protect 2821.MAIL FROM, and why we should consider it to do this job
well enough to be acceptable, IMO?  I would like to know what you think
after you read it.

Would you mind providing a link to that particular message?
googling "a grand unified theory of MARID (blame me!)" gives
<http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200406/0958.html>

Note:

"RE: [spf-discuss] a grand unified theory of MARID (blame me!)" said in
part:

"If you get word of From: forgery, you're gonna be motivated to do a
little work to get the spammer's domain blacklisted, for example by
putting him in your RHSDRBL (Right Hand Side Distributed RBL), which
will stop the forgery and phishing."

I don't know about the distributed RHSBL, but conventional DNSBLs, both IP
and RHS types, work just fine.  The problem is that you have to hear about
it.  By the time you've heard about it, your reputation is already damaged.  You
can get the spammers listed to stop further abuse, but you can't get the
horses back in the barn.  How many potential customers have seen your
(forged) name on a spam and carry a negative impression as a result?

Yup. The other question is what's a better compromise? This limited abuse for a short time, or requiring SRS and end-user work?


Re: I-D ACTION:draft-ietf-marid-rationale-00.txt:
Very good, overall.   Some nits:

 B - Forwarders and web-generated emailers are merely operating
     according to time-honoured traditions.  Sender ID changes the
     terms of their unwritten contract; it is unfair to demand that
     they change.  Placing the good of the many above the good of the
     few can lead to a tyranny of the majority.

This doesn't well represent my position, oft expressed, against inconveniencing forwarders and web-generated emailers (which are mis-identified as being the same as non-participants).

This is a job for sysadmins:

 A - the New Email should be fully transparent to the end-user and
     require no reconfiguration.

 B - no disagreement!

Only Unified SPF has no disagreement. Sender ID strongly disagrees (for now; it's being changed, I think, based on Meng's recent post). It (for now) mandates end-user reconfiguration on a massive scale, because, IIRC, it doesn't say that HELO checking should/must be done. Hence I (of elvey.com) would have to get all my domain's end users to use MSAs that I (as DNS admin of elvey.com) knew about. For fastmail.fm, my email provider, who hosts mail for thousands of domains for many of which they don't do DNS, they would have to support this for each user of each domain! If HELO checking is mandatory, they just send HELO fastmail.fm, and ensure that fastmail.fm has a good reputation. No support headache.
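
Added example (not part of the original message and not code from any SPF or Sender ID draft): a simplified sketch of the difference described above between checking the HELO name and checking the MAIL FROM domain for a provider that relays mail for many hosted domains. The domains, addresses and TXT records are constructed, only the ip4 and all mechanisms of the SPF record syntax are evaluated, and how a receiver would combine the two results is left out.

```python
import ipaddress

# Constructed TXT records: hypothetical domains, documentation address ranges.
DNS_TXT = {
    "mail.provider.example": "v=spf1 ip4:192.0.2.0/24 -all",  # provider's HELO name
    "listed.example": "v=spf1 ip4:192.0.2.0/24 -all",   # DNS admin listed the provider
    "strict.example": "v=spf1 ip4:198.51.100.7 -all",   # DNS admin knows only own server
    # "nodns.example" is hosted by the provider but publishes no record at all
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_identity(domain, client_ip, txt=DNS_TXT):
    """Evaluate one identity against its record (ip4 and all mechanisms only)."""
    terms = txt.get(domain.lower().rstrip("."), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # nothing published for this identity
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def evaluate(helo, mail_from, client_ip):
    """Check the HELO name and the MAIL FROM domain separately for one connection."""
    sender_domain = mail_from.rsplit("@", 1)[-1]
    return {"helo": check_identity(helo, client_ip),
            "mail_from": check_identity(sender_domain, client_ip)}


if __name__ == "__main__":
    provider_ip = "192.0.2.25"  # constructed: one of the provider's outbound hosts
    for sender in ("a@listed.example", "b@strict.example", "c@nodns.example"):
        print(sender, evaluate("mail.provider.example", sender, provider_ip))
    # Same HELO name claimed from an address the provider did not publish
    print("other host", evaluate("mail.provider.example", "c@nodns.example", "203.0.113.9"))
```

In this constructed data the HELO result depends only on the one record the provider maintains, while the MAIL FROM result changes with what each hosted domain's DNS admin happened to publish.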