spf-discuss
[Top] [All Lists]

Re: Suggest New Mechanism Prefix NUMBER to Accelerate SPF Adoption

2004-08-25 14:54:45

At 03:41 PM 8/25/2004 -0400, Scott Kitterman wrote:
Before we plunge off on this tangent again, is there anyone out there
writing an SPF parser that would make any use of this "added
information"?

Hoping for a "yes" answer, because I think it is "must do even if I am too
busy" because as you can see from previous post:

http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200408/1072.html

That the large ISP has no choice but to set "?all" (useless setting),
because anything other than "-all" will get all kinds of incorrect
mathematical assumptions, which will lead to false positives.  If it takes
years for ISPs to transistion to "-all" (100% confidence), then SPF is held
back for years in useless state (for email from those ISPs).

This is not necessarily true. SpamAssassin 3.0, for example includes scoring
the SPF fields. It lacks the computation and bandwidth benefits of rejecting
the spam from the start, but it's handy nonetheless. It can be particularly
used to offset the whitelist score for messages allegedly from your own
domain.


You missed my point.

My point is that if even some receivers are going to assume that "~all" means 
xx% chance of forgery for ALL domains, where for some domains it really is yy% 
and others it is zz% and others...etc.

then what happens is that the large ISP (who can not risk the false positives 
from an incorrect probability assumption of the receiver) can not risk setting 
"~all".

Go see my first post for example numbers of how the incorrect assumptions could 
drastically cause false positives.

And ditto for "?all" if you will assign a percentage other than 0.5.

So then ISP is left only with "-all" or "+all" or do not do SPF.



Log analysis of the SMTP server can also reveal sites that have patterns of
forging email and should be banned outright or is virus-laden and the
administrators should be contacted, or even reveal SPF violations of
outgoing email that should lead to contacting the on-site sender.


If you have 10% of the internet email, then yes you might be able to make a 
reasonable approximation.  But any thing less than a statistical approach (not 
bayesian content analysis) will not be meaningful on the aggregate.

Yes you often can single out extreme cases with smaller sample (just look at 
how standard deviation is defined), but this does not help you in terms of the 
majority of cases.


I, for one, would like you to shush for a week and learn something instead


Why is there such resistance to someone else having a good idea?  Why can't we 
just evaluate this on the merits?  Do you have any formal background in 
probability theory?

Please don't flame me.  I am not flaming you.


<Prev in Thread] Current Thread [Next in Thread>