spf-discuss

RE: SES (was moving on from MARID)

2004-10-01 06:36:26
From: Seth Goodman
Sent: October 1, 2004 3:28 AM

<snip>

|Recently, Stuart has suggested that the SPF record is a
|great place to publish sender policy, but that the idea of
|publishing designated senders by IP may be questionable.  I
|congratulate Stuart for having the courage to voice that
|observation and I think it's time that we stare that
|possibility in the face.  There are real problems with
|listing the IP's of all your mailers and keeping that up to
|date.  

|The elegant language that we have developed allows
|significant DNS recursion which creates real system loads.
|Another obvious problem that more and more people are
|realizing is that the validation is only good for the first
|hop.  Validating a forwarder with the SUBMITTER parameter
|tells you next to nothing about the validity of the
|originating identity in the return-path.

|Take a step back and a deep breath and consider where we're
|at from a technical standpoint.  Designated sending IP's
|was a great idea, but it only validates the first hop and
|it breaks forwarding.  The solutions to fix forwarding cost
|you the validation of the originating identity, plus you
|have to get most of the forwarders to go along with it.  

<snip>

|But there's no need to throw in the towel.

|Consider that the original goals of SPF were:
|
|1) Validate the MAIL FROM: identity of an incoming message.
|
|2) Provide immunity to joe-jobs.
|
|3) Allow for rejection before data as often as possible.
|
|4) The protocol must be lightweight.

|It appears that end-to-end authentication does a better job
|on these goals than designated sending IP's.  That's
|a hard realization to swallow, but I believe that's the
|correct technical analysis.  It doesn't mean that we've
|wasted our time, but some re-evaluation is in order.  

<snip>

|There is one more feature of an SES end-to-end system worth
|considering.

|Unlike SPF, an SES failure is definitive.  The message is
|known to be a forgery.  This lends itself to automated
|reporting to reputation systems, such as Gossip and
|blacklists.  It has the same properties as a spamtrap hit:
|it is unsolicited, the detection method is objective and it
|does not involve human intervention or judgment.  SPF
|failures are not definitive and can easily result from
|misconfiguration or forwarding problems, so it does not
|lend itself well to automated reporting.  Automated
|reporting means very fast addition to lists that other
|sites can use as a basis for rejection. This really tilts
|the scales in the direction of legitimate mail and helps
|stop spam runs in progress.

Seth,

I believe there is a lot of merit in this analysis.
Obviously one needs to take the SES hypothesis, throw it up
against the wall and test it.

Having said this:

* There is value in the Sender Policy Framework brand;

* I don't believe it is necessary to throw out the concept
of designating IP addresses, if you focus on an identity
which allows for end-to-end validation without breaking
mail forwarding.

John

John Glube
Toronto, Canada

For The Record, Will Microsoft Own Email?
http://www.learnsteps4profit.com/wme.html

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.767 / Virus Database: 514 - Release Date: 21/09/2004
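As an added illustration of the two points argued above (a designated-IP check only sees the first hop and so fails on forwarded mail, while a signed return path fails only on forgery), here is a small Python model. It is not code from this thread or from the SPF or SES projects: the signing format, the HMAC key, the assumption that example.org emits only signed return paths, the IP addresses and the seven-day validity window are all constructed for the demonstration, and the verifier is run the way the signing domain itself would run it (how a third-party receiver obtains that verdict is outside the example).

```python
import hashlib
import hmac

# --- Designated-sender check (the first-hop model discussed above) ----------

# Constructed sample policy: example.org names a single outbound relay.
SPF_DESIGNATED = {"example.org": {"192.0.2.10"}}


def spf_check(mail_from: str, connecting_ip: str) -> str:
    """Return 'pass', 'fail' or 'none' for the connecting host against the
    MAIL FROM domain's designated senders. Only the host that is talking to
    us is examined, which is why a forwarder's relay makes this fail."""
    domain = mail_from.rpartition("@")[2]
    allowed = SPF_DESIGNATED.get(domain)
    if allowed is None:
        return "none"
    return "pass" if connecting_ip in allowed else "fail"


# --- Signed return path (an SES-style end-to-end check) ----------------------

# Constructed demo key; a real deployment keeps it secret at the signing domain.
SES_KEY = b"constructed-demo-key"
SES_MAX_AGE = 7 * 86400  # assumed policy: a signed address is valid for 7 days


def _ses_tag(local: str, domain: str, ts: int, key: bytes) -> str:
    """Truncated HMAC-SHA256 over the original address and the timestamp."""
    msg = f"{local}|{domain}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def ses_sign(local: str, domain: str, ts: int, key: bytes = SES_KEY) -> str:
    """Rewrite local@domain into a MAIL FROM that carries a timestamp and MAC.
    The signature travels with the envelope, so it survives forwarding."""
    return f"SES={ts}={_ses_tag(local, domain, ts, key)}={local}@{domain}"


def ses_verify(mail_from: str, now: int, key: bytes = SES_KEY) -> str:
    """Verify a return path as the signing domain would. Because the domain
    is assumed to emit only signed addresses, an unsigned, tampered or
    expired address is a definitive forgery rather than a configuration slip."""
    local, _, domain = mail_from.rpartition("@")
    parts = local.split("=", 3)
    if len(parts) != 4 or parts[0] != "SES":
        return "fail"  # unsigned address from a domain that signs everything
    _, ts_s, tag, orig_local = parts
    if not ts_s.isdigit():
        return "fail"
    ts = int(ts_s)
    if ts > now or now - ts > SES_MAX_AGE:
        return "fail"  # future-dated or expired: replay of an old address
    expected = _ses_tag(orig_local, domain, ts, key)
    return "pass" if hmac.compare_digest(tag, expected) else "fail"


def scenario(now: int = 1_096_612_800) -> dict:
    """Three constructed deliveries of mail claiming to be from alice@example.org:
    direct from the designated relay, relayed by a forwarder, and forged."""
    signed = ses_sign("alice", "example.org", now - 3600)
    cases = {
        "direct":    (signed, "192.0.2.10"),             # designated relay
        "forwarded": (signed, "198.51.100.5"),           # forwarder's relay
        "forged":    ("alice@example.org", "203.0.113.7"),  # unsigned, spoofed
    }
    return {name: {"spf": spf_check(mf, ip), "ses": ses_verify(mf, now)}
            for name, (mf, ip) in cases.items()}


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:10s} SPF={result['spf']:5s} SES={result['ses']}")
```

The forwarded case is the one the thread is about: the designated-IP check fails although the mail is legitimate, so that failure cannot be fed to a blacklist automatically, whereas the signed return path still passes. Only the forged case fails the signature check, and that verdict is the kind of objective, human-free signal the quoted text compares to a spamtrap hit.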