spf-discuss

Re: SPF and Responsibility

2004-07-22 11:14:14

Michael, and all the others who disagree with me:

I assert to you that the machine at smtp-out-1002.amazon.com (IP 
207.171.160.42) sends mail for Amazon.com. If you get mail from that 
machine that claims to be from Amazon.com, it is one of our messages.

Yesterday, I was notified that that machine and others like it were sending 
out messages considered to be spam.

I had two choices:
(1) Tell the reporter, "Why are you trusting that machine? Sure, I said it 
is legitimate, but you'll have to discover whether individual messages are 
legitimate! It's your responsibility to figure it out!"

(2) Tell the reporter: "Thanks for bringing this to my attention. I will 
resolve this as quickly as possible. It is definitely our fault because we 
told you to trust that machine."

That is the bottom line. Which one do you think I did?

When I tell people that 207.171.160.42 sends mail for Amazon.com, and that 
it can be trusted, I am telling people that every individual piece of mail 
it sends (in our name) is our responsibility. I want people to know that. I 
want them to call me up and say, "STOP SPAMMING US!" I want to show people 
"See? We send millions of messages a day and only a fraction of a fraction 
of a fraction of a percent are considered spam!"

Do I administer the machine? No. I don't even know the guy who does. For all 
I know, that machine could be located in Nepal. But we list it as a trusted 
machine, so I am going to fix it, or cause it to be fixed, or get it 
de-listed.

When I assert legitimacy, I take responsibility.

If you can't take responsibility, don't assert legitimacy.

A legitimate sending MTA sends only legitimate mail. Otherwise, it isn't a 
legitimate sending MTA.

So now we have the connected chain:

Publishing SPF asserts legitimacy.
Legitimacy implies responsibility.
Responsibility means liability.
And liability is what we want.

When the spammers publish SPF with positive assertions (+), they will be 
held liable for the spam they send.

Everyone, eventually, will have to publish positive assertions. The '?' and 
'~' covered servers will be the last resort for spam. As responsible 
mailers abandon this space, it will be left to spam. Eventually, all mail 
sent with anything but SPF PASS will be discarded. That is the end result.

So every mail will have a responsible party. Every piece of spam will bring 
a fine or jail time. Every piece of fraud, deception, or outright threats 
will be punished. And it all depends on the link that legitimacy implies 
responsibility.

On Thursday 22 July 2004 03:13 am, Michel Bouissou wrote:
> On Thursday 22 July 2004 11:31, Mark Shewmaker wrote:
> > Uhm, err, with the "+" character, which tells you that the sender is
> > willing to stand behind messages from his domain from this server,
> > putting his reputation on the line.
>
> [...]
>
> > For a sender to tell recipients to please trust that mail from a
> > certain server (claiming to come from his domain) really is from his
> > domain, means the sender has to trust that that is true too.  (To
> > misquote Jonathan's wording.)
>
> No, no.
>
> The "+" character, once again, does not mean that <<the sender is
> willing to stand behind messages from his domain from this server,
> putting his reputation on the line.>>
>
> It doesn't mean either that the sender asks <<please trust that mail from
> a certain server>>

Legitimate sending MTAs send only legitimate mail.

What I said earlier was this (reworded slightly):

If you don't trust a server to not send illegitimate email, why are you 
telling me to trust the server not to send illegitimate email?

Or, removing the double negatives:

If you tell me a server is legitimate, why are you telling me it isn't?

> Actually the sender doesn't ask anything such as "please trust..." and he
> makes no assertion about a given message.


He is not explicitly telling me things about individual messages, but he is 
telling me things about individual servers. If he tells me that a server is 
a legitimate one, why would I not believe that the messages it sends are 
illegitimate?

When you try to do that, you are trying to say that a legitimate email 
sender can send illegitimate email. It's a contradiction that makes no 
sense.

> The sender domain *ONLY* asserts "this server is legitimate for sending
> mail coming from my domain". And not anything further than this.
>
> The SPF record makes a statement about a server "it is legitimate for
> this domain". It does not make any statement about a given message.

Again, if a sending server is legitimate, why would the messages it sends be 
illegitimate?

You told me that it was a legitimate server. But now you are telling me it 
doesn't send legitimate mail. Which one is it? Make up your mind!

I've pretty much made up my mind. No one has given any arguments to 
contradict my assertions. If you cannot trust a server to send legitimate 
mail only, do not tell me to trust it. List it as '?', but don't list it as 
'+'.

--
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com
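
Added example, not part of the original message or of any SPF implementation: a small offline evaluator showing how the qualifier on a matching mechanism ('+', '?', '~', '-') decides the SPF result for the sending IP named in the message, and what a receiver that keeps only PASS would do with each. The SPF records are constructed for illustration (only the IP address comes from the message), and the names `evaluate_spf` and `receiver_accepts` are hypothetical.

```python
import ipaddress

# Qualifier -> SPF result (RFC 7208 names; "+" is the default when omitted).
QUALIFIER_RESULT = {"+": "pass", "?": "neutral", "~": "softfail", "-": "fail"}


def evaluate_spf(record: str, client_ip: str) -> str:
    """Evaluate the ip4/ip6/all mechanisms of one SPF record for client_ip.

    Mechanisms that need DNS (a, mx, include, ...) and modifiers are out of
    scope for this offline sketch and raise ValueError instead of guessing.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIER_RESULT[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIER_RESULT[qualifier]
            continue
        raise ValueError(f"mechanism not handled offline: {term}")
    return "neutral"  # nothing matched and no "all": default result


def receiver_accepts(result: str) -> bool:
    """The end state the message predicts: anything but PASS is discarded."""
    return result == "pass"


# Constructed records for a placeholder domain; only the IP is from the message.
SENDER_IP = "207.171.160.42"
RECORDS = {
    "asserts (+)": "v=spf1 +ip4:207.171.160.42 -all",
    "hedges (?)": "v=spf1 ?ip4:207.171.160.42 -all",
    "soft (~all)": "v=spf1 ip4:192.0.2.0/24 ~all",
}

if __name__ == "__main__":
    for label, record in RECORDS.items():
        result = evaluate_spf(record, SENDER_IP)
        print(f"{label:12} {result:9} accepted={receiver_accepts(result)}")
```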

