spf-discuss

Re: SPF is not usable as legal measure against spammers.

2004-07-14 09:42:20

On Wednesday 14 July 2004 09:09 am, Paul Howarth wrote:

> Suppose example.com is a customer of $bigisp, and for whatever reason,
> relays their outgoing mail through $bigisp's mail servers. It's still
> possible for a spammer to hijack the machine of any other customer of
> $bigisp and send mail out with a sender address of
> anyone(_at_)example(_dot_)com, which will be OK according to
> example.com's SPF record. However, example.com is clearly not
> responsible for that mail.


I disagree. I believe example.com is responsible for their ISP's failing.

Let's say I am the general contractor responsible for building a new 
apartment building. I hire a carpenter and he and his team build the 
structure. I am still responsible for the structure being up to code and if 
it fails in any way, I will be held responsible. I can't tell the city 
inspector, "Well, it's not my fault. It's the carpenter. Why don't you 
blame him and leave me alone?"

You can bet that if I choose incompetent carpenters, my reputation as a 
GC will suffer. Would you hire me if I always choose bad carpenters and 
always fail inspection?

Now, perhaps example.com can transfer some of the blame to the ISP, but they 
will always hold the larger share because they chose the ISP.

What if example.com changed their name to 
"I-Choose-Stupid-ISPs-Because-I-Am-Cheap.com"? Would this change your 
opinion of their responsibility?

-- 
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com

