Re: Opening Debate on SPF vs. SenderKeys

Mahalo,


AccuSpam wrote:

>  
>
> > if somebody wants to send an email to a 
> > domain _not_ on my system, then they have to authenticate.
> >    
>
> You mean _from_ a domain...
>
>  
no, i really mean *to* a domain. most of the time, users can technically 
send email to "local" domains without auth.
but they couldn't send to domainbrandx if it isn't local.

> Sometimes easy to say until your biggest customer complains...
>
>  
there are some special cases that take elbow grease and tender attention 
to get in the groove.
> Yes in that case they understand the risk-benefit analysis well, so you are 
> probably okay.  Also your customers are probably reasonably intelligient/savvy 
> given they are using highly customized Host services (per what you write below).
>
>  
i have savvy and not-so-savvy and completely unsavvy. if i get things 
working for them and they can go about their business, i don't usually 
have to coddle them.

>  
>
> > i run about 900 domains. i am just small potatoes, and i only try to 
> > make things better "on average" as best I can. if somebody complains, i 
> > give it personal attention and make it happen.
> >    
>
> Well that is not insignificant sample IMHO.  If that is 300+ customers, you 
> might get some reasonable feedback about SPF in future.
>
>  
i have 10 domains coming into a mail server that checks SPF. But I made 
this server picky about the source IP geo. location matching the MX host 
geo. location for the domain. It is totally horrible if you expect to 
get mail from Europe. But the 10 domains don't expect that kind of 
email. I have collected data from 360,000 emails since May 30. I have 
some stats at http://emkwebdesign.com/mailstats.php
It will take forever and a day to load, it wasn't set up for routine 
checks, just a tinker-toy project. Plus it is running on a bunch of 
parts I fished out of the garage to make my wife think I was doing 
something with that stockpile of dinosaur stuff piled out there. ;-) I 
managed to get something running and threw netbsd on it. It became 
another tinker server.
It is interesting that 1/2 the incoming mail is bogus junk that pretends 
to be from a place that it really isn't from. My own personal incoming 
spam dropped to 10% of what it was before. I used to get 800 or so 
emails per day in my primary account.
But it isn't really a reasonable mainstream solution. The biggest issue 
is Europe, where there are a lot of people that host in a different 
country than they send email from.

> Believe me it works.  Different people correlate by the Weighted Root Mean 
> Squared Error of their votes on domains.  It is not picking up all nuances of 
> personality and choice, but it averages out unless you are just really super 
> unique in voting opposite of all possible permutations of existing userbase, 
> which becomes harder to achieve the more users there are relative to # of 
> domains seen.  Even if so the correlation realizes you are statistically unique 
> and you do not get correlated well to any other users.  In return for being so 
> unique, AccuSpam would be less effective.  But that is not the within 3 sigma 
> case.
>
>
>  
I started working sheet metal when i was 16 and got out of it when i was 
27. I tried to get through school in an ME program but I spent too much 
time working and chasing chicks around. But I have been tinkering with 
computers since I was 10 or so, I remember when 256 K of RAM was 
awesome, but it cost about 30 pizzas, or 60 mowed yards. And getting a 
10 MB hard drive was cutting edge. It meant you didn't have to swap 
floppies in between operations. Now that I am 34 -- pizza is much more 
expensive than RAM. And these days I spend a lot of time trying to get 
bluetooth to work with voip telephone pleasantly, and trying to trick 
the voip line into handling faxes, which is impossible.
I guess my point is I don't know what the heck you are talking about "3 
sigma case" and "Weighted Root Mean Square" stuff. I guess that is why 
most standardized tests are biased.
I am more of a barn hack that loves to tinker. Fortunately I am aware 
enough to build things of some value for people and earn to cover 
expenses, plus all the stuff my wife and kids are into. But they are all 
spoiled silly, really. That isn't a bad thing, though, would have been 
nice growing up that way probably ;-) But I really need to get back into 
automated revenue sites.
>  
>
> > hmmmm. I don't recommend that anyone use POP. I get too many customers 
> > that think they can store all their email in their Inbox at work with 
> > "save on server" so they can get it at home.
> >    
> Hotmail and Yahoo give 2GB now.  So why not.  If users want it, then the way to 
> grow from 900 domains to 9000 is to give them what they want.
>
>  
Not my game. I haven't had a personal goal of maximizing hosting 
accounts, they just accumulate over time. Small time shop here... I 
couldn't support that many customers, and I don't get along well enough 
with non-computers to manage a support team.

> > And that is like playing 
> > Email Jenga. One day you get in the office and are receiving 2500 
> > messages because the hottest email client on the market loses it's mind.
> >    
> So set mailbox limits.  If it is going to overflow at 2GB from attack, then 
> leaving 10MB till the end of day is not the problem.
>
>  
I hate limits. I have never even learned how to set up quotas. Space is 
cheap, and I would rather throw in another 200 GB drive then to enforce 
quotas.
I think i best be finding some dinner before it gets to be midnight.

Enjoy your weekend.

Waitman