-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SPF does indeed solve the spam problem. SPF will bring spammers to justice.
* SPF Publishing Leads To Liability
SPF publishing claims legitimacy.
Legitimacy implies responsibility.
Responsibily is liability.
Liability brings spammers to justice.
Brining spammers to justice will solve the spam problem.
SPF publishing claims legitimacy because you make three assertions:
- These servers are illegitimate - They never send legitimate mail
? These servers are unknown - They may or may not send legitimate mail
+ These servers are legitimat - They always send legitimate mail
Some people are arguing that legitimate sending MTAs don't send legitimate
mail. That is absurd. If a sending MTA sends illegitimate mail, it is not
legitimate. If you are stuck in a situation where you are using a sending
MTA that cannot be trusted, don't tell us to trust it. Instead, publish it
with '?'.
Legitimacy implies responsibility. When I tell you that a sending MTA is a
legitimate sending MTA for my domain, I am held responsible for that mail.
I told you that it is mine. I must ensure that that sending MTA is working
properly, that it is secure, and that the mail it sends is indeed
legitimate. If I can not be responsible for it, I must not claim it is
legitimate.
Responsibility is liability. If I am responsible for something, and that
something causes harm or damage, I am held liable for that harm or damage.
The only way I can escape liability is proving that I did everything to the
best of my knowledge and ability to prevent the damage. I can also transfer
liability to someone else - for instance, a hacker or a virus writer - who
caused damage to me and thus caused the other damage. This is all very
dependent on your country's laws. However, I believe that most laws are
similar: responsibility is liability.
When we have liability, we can start to prosecute and execute justice on
spammers the same way we prosecute other people who commit crimes. With an
effective method of prosecution, with laws that can be executed justly, the
spam problem will disappear.
* Only Email With Responsible Party Will Be Accepted
Now I make another assertion, equally important: Eventually, the only email
that will be accepted is email that someone has claimed responsibility for.
SPF is only a way to claim responsibility by the sending MTA. DomainKeys
allows you to claim responsibility even though the sending MTA isn't
trusted. There will be other ways in the future.
Legitimate senders want to claim responsibility, for two reasons.
(1) They don't want illegitimate mail to be accepted as theirs.
(2) They want to show how responsible they are and how well they can be
trusted.
Those areas where responsibility isn't clear - for instance, mail sent under
SPF NEUTRAL or SPF SOFTFAIL, or without DomainKeys, etc... - will be the
last home for spammers. Spammers dare not enter into the responsible mail
domain, unless they want to be held accountable. Those that do will be
punished.
Eventually, as all the non-spammers leave the responsibility-free zone, and
only spammers are left, no one will want to receive mail from the
responsibility-free zone. These messages will be rejected at all ends of
the spectrum. It will become a realm with plenty of senders, but no
receivers.
The only mail that will survive is mail that has a responsible party.
QED.
I invite people to point out holes in my logic.
I would also like to point out the sheer genius of those people who
pioneered this field (See the credits on the SPF site). I think they knew
what they had, but I don't think others see the magnitude of it -- yet.
- --
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBAAkgBFeYcclU5Q0RAu/KAKCfLOCSp0XsmLLQnZy1m3S6zL6uFACfRDV+
+ud8bnr8JYeMAAVa7DOPwCI=
=JS+l
-----END PGP SIGNATURE-----