spf-discuss

Re: SPF and Responsibility

2004-07-21 14:00:13

On Wednesday 21 July 2004 01:48 pm, Jef Poskanzer wrote:
> I really don't get all the fretting about what various SPF results
> *mean*. The only SPF result that has a definite meaning is "fail":  It
> causes the message to bounce.  Any other result,
> softfail/neutral/none/error/whatever, and the message goes through to
> your next level of filtering.  You do have a next level of filtering
> don't you?  And it's Bayesian and therefore figures out the "meaning" of
> the SPF header on its own, doesn't it? So what is there to argue about?
> Trust your filter and relax.

It is terribly important for several reasons.

(1) If BadSpammer.com publishes SPF and starts sending spam through his 
legitimate servers, are we going to track him down and arrest him and put 
him in the tank and fine him millions of dollars for sending spam? Or will 
we have to resort to traditional methods?

(2) If BigCompany.com publishes SPF and starts sending spam through its 
legitimate servers, are you going to hold them accountable? Will you stop 
buying products from them? Will you email their admins and say "Stop!"

Right now, because no one is responsible for anything, we can't hold them 
responsible. We can't email BigCompany.com and say "stop!" because we can't 
tell if the mail is really from BigCompany.

Also, we would like to set up reputation and accreditation services. These 
are meaningless without responsibility.

I'd like to relax, but remember, the cost of freedom is eternal vigilance! 
The internet won't stay free unless we all do our part to keep it free.

I know it sounds like I'm an anally retentive pedantic jerk, but I believe 
this to be the most important effect of SPF, and we can't let it slip out 
of our grasp and end up where we were at before.

-- 
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com