On Thursday 22 July 2004 04:03 pm, Jef Poskanzer wrote:
> Jonathan Gardner <jonagard(_at_)amazon(_dot_)com>:
> > SPF does indeed solve the spam problem. SPF will bring spammers to
> > justice.
>
> Wrong and wrong.

Please refute my arguments. Just telling me I'm wrong won't show me where I
went wrong. I laid out my chain of arguments most clearly, and I want to
see where I'm wrong, or at least where we disagree.
We can call each other names or just shout "Wrong! Wrong!" Or we can have a
logical discussion and point out where each other is wrong, and perhaps
come to an understanding. Yes, we'll look like pedantic jerks as we discuss
this stuff, but the conclusion we come to will be based on solid, cold,
facts and not politics or feelings.

> According to the real world data I'm getting on my site, SPF has
> basically no effect on spam. It does, however, block pretty much
> 100% of the hundreds of thousands of worms I get each day.

I never said that it would solve spam today. I used the word "eventually"
and clarified the conditions.
Let me reiterate: When most people claim responsibility for their email by
publishing SPF records with positive (+) assertions, that is when the spam
problem will be solved.
(1) If a spammer decides to send email through questionable routes, where no
responsibility is claimed, they will be ignored. No one will be willing to
accept email without claims of responsibility anymore because most
legitimate mail has a claim of responsibility.
(2) If a spammer asserts responsibility for their spam, they will be held
accountable for their spam. Through fines and prison sentences, as well as
a revocation of the right to use the internet, they will no longer be able
to spam, or the cost of spamming will be so high that it will no longer be
profitable.
Where else can a spammer send email from, if not from non-responsible or
responsible routes? Is there a third condition I'm unaware of?

> This is exactly as I expected, and as anyone who has thought about
> it should have expected. The current generation of spammers do not
> bother to forge their addresses - they use stolen machines instead.
> But all worms propagate using forged addresses.

I classified these messages as messages without a responsible party.
Eventually, when most legitimate senders have claimed responsibility for
their messages, people will stop receiving these kinds of messages.
Please read the post.

> This also explains why Microsoft is supporting us - it's much cheaper
> than fixing their OS to prevent worm infection.

You may question the motives of Microsoft, but I believe that they "get it"
- that spam is the #1 problem on the net today, and it is threatening email
itself. Very soon now, unless a solution is in sight, people will abandon
email altogether, much like Donald Knuth has.

> If you have data showing SPF doing anything about spam, let's see it.
> Otherwise, please expect to be ignored.

How can I have data when I am predicting the future? I am relying on logical
arguments.
However, I draw your attention to the experiments of David Lawless. He
stopped accepting mail that doesn't have any responsibility attached to it.
He took '?all' to mean '-all'. He also uses default SPF records for those
who don't publish. He has some pretty remarkable results. Read back in the
archives over his posts to see a window into what is in store in the
future, when every accepted email has a responsible sender attached to it.
Here's a quote:

On Saturday 03 July 2004 01:54 am, David Lawless wrote:
> The results I've obtained with aggressively modified SPF have
> been nothing short of amazing. Really unbelievable. Jaw
> dropping. It's been at a perfect 100% (no joke, 100% without
> any outside help) since my last significant tweak about three
> days ago. Only about three or four messages out of the 477
> blocked so far ever got through--and those would have been
> stopped by the adjustments they subsequently inspired.

He found the '2' at the end of the tunnel, I'm just showing the '1 + 1'
part.
--
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com