spf-discuss

Re: Redirected Trace header draft

2004-11-07 23:08:15
william(at)elan.net wrote:

the version 00 to be published will be primarily the same as
current pre03.

Oops, I still have pre02, deleted.  Hm, where do I get pre03 ?
At the same place where I got pre02, but I forgot the URL. ;-)

reference to SRS draft (of which there is none...)

Exchanging my weekly insults with Meng I found a PDF about it:
<http://www.libsrs2.org/srs/srs.pdf>  That as plain text could
be good enough, although it doesn't have the "style" of a RfC,
it's more like a paper for a scientific journal.

inclusion of SRS algorithm as part of draft as a way to carry
SUBMITTER value to MTA that did not advertise SUBMITTER

What do you think of Meng's "WL + SPF HELO PASS" ?  Some bloody
details noted as op=trusted (was op=meng), but the op-syntax is
irrelevant for this concept, the important point is the WL.

Reuse of v=spf1 record (Microsoft has shown me a bad example,
so be ready to kill me as well)

Be my guest. <eg>

I'm not Microsoft, I'll not force it on you and there will
most likely be some kind of modifier proposed for spf1
records.

Something like op=submit with some of the MUST-tortures noted
for op=trusted ?  Who uses it, client (forwarder) or server ?

Sorry, I probably won't kill you for any _option_ in v=spf1.
But if it's submit=yes get ready for a harmless RIDICULUS. ;-)

It is in fact "connected" to received headers as it also
includes "by".

Okay, Received: could be sorted when necessary, therefore your
new Redirected: header inherits this feature based on its "by".

I hope we can spread the message about the stupid (evil?)
giant that does not care about damage it can cause on the
land.

I hope that the Sendmail test in conjunction with the AOL test
helps to gather some facts.  Depends on how Sendmail does it,
the AOL policy is only ?all, it would hit the fan with -all.

unknown 2.0.0.127.combined-hib.dnsiplists.completewhois.com
unknown 2.0.0.127.invalidwhois.dnsiplists.completewhois.com
[...] 
I've not heard that 127.0.0.2 is a requirement for dnsbl

It is for rxwhois.  Quoting draft-irtf-asrg-dnsbl-00.txt 2.4:

| Nearly all IP based DNSxLs contain an entry for 127.0.0.2 for
| testing purposes.

I'll check around with other people running rbldnsd and ask
if they add this ip address for testing purposes

I'd be interested in this test entry in the combined list, it
is unnecessary to "pollute" the bogon list with it.  Actually
I didn't know any DNSxL without it, you're the first.

I would suggest SPAM-L

How about RFCI-discuss or ASRG ?  I don't read SPAM-L, and I
don't want more lists.  NANAE is unreadable.  NANABL rejected
my first and last article.  SPAM-TOOLS (abuse.net) is a quiet
list, but I only read it from time to time.

As for reports we do not require real user name or email
although I personally do not like reports that are anonymous,

With RFCI I don't want my unmunged address in the evidence of
the public database, the admins certainly do know my address
and could call me (my reports are pretty obvious, just grep
for ##### =xyzzy or ####m e######## = Frank Ellermann in your
copy of the ipwhois evidences ;-)

Original-* are trace headers so they are not supposed to be
modified but new headers with same name can be added by
subsequent systems

That's the same idea as in Sender-ID with multiple Resent-*
"blocks" (they claim that this is specified in 2822, I didn't
check it).  Unlike Sender-ID it's not critical for Original-*

In the next version of SUBMITTER I'll no longer require it to
be used as parameter to MAIL if it is the same as MAIL FROM.

Better.

I question using HELO by itself for whitelisting - in that
case we might as well just do only HELO authentication like
Douglas Otis suggests.

That's IMHO not Meng's idea.  The receiver has a WL of trusted
forwarders (promising wonderful things outlined in op=trusted).

If he sees a HELO matching an entry of his WL _and_ it results
in a SPF HELO PASS, then he can bypass all further SPF tests in
this session.  In other words it never works with an unknown
stranger.

The unknown stranger is the weak point of SUBMITTER, or I don't
get your idea.  Spammers simply use a throw-away domain with
v=spf1 op=submit or whatever, and adding SUBMITTER to the SMTP
scripts of their zombies is trivial.

 [Original-*]
there does seem to be need for it

It's already common practice.  That part of your draft should
have no problems.  Maybe mention some implementations like
GMaNe (probably this mail will have some Original-* headers)

I've a feeling this is where I'm heading as soon as the draft
starts to be discussed at ietf-822 (which is unfortunately
composed primarily of people who just love attacking any new
ideas that seem to want to add to their precious SMTP which
they seem to want to keep static forever

Bruce is a hardcore nitpicker, he finds _all_ bugs (not always
real bugs, but he finds them all ;-).  That's a PITA but good.
Some other authors on this list are what you say.  Charles is a
nice guy, just don't try to destroy Usenet, that's the line.

                         Bye, Frank
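
The "WL + SPF HELO PASS" rule discussed in the message above, as an added example that is not part of the original message and not anyone's specification. The SPF evaluator is a simplified stand-in that handles only `ip4` and `all`; the domains, records, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: published SPF records keyed by HELO domain.
SPF_RECORDS = {
    "mx.forwarder.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "throwaway.example": "v=spf1 ip4:203.0.113.7 -all",
}
# Receiver's local whitelist (WL) of trusted forwarders (hypothetical name).
TRUSTED_FORWARDERS = {"mx.forwarder.example"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_helo_result(helo, client_ip, records=SPF_RECORDS):
    """Evaluate the v=spf1 record of the HELO name (ip4 and all only)."""
    terms = records.get(helo.lower(), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers (name=value) are skipped in this sketch
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() != "ip4":
            return "permerror"  # mechanism outside this simplified sketch
        if ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def bypass_further_spf(helo, client_ip, whitelist=TRUSTED_FORWARDERS):
    """True only if the HELO is on the WL AND the SPF HELO check passes."""
    if helo.lower() not in whitelist:
        return False  # unknown stranger: a PASS alone earns no bypass
    return spf_helo_result(helo, client_ip) == "pass"

if __name__ == "__main__":
    for helo, ip in [("mx.forwarder.example", "192.0.2.10"),
                     ("mx.forwarder.example", "198.51.100.5"),
                     ("throwaway.example", "203.0.113.7")]:
        print(helo, ip, spf_helo_result(helo, ip), bypass_further_spf(helo, ip))
```

The third case is the throw-away domain: its own record yields a PASS, but it is not on the receiver's whitelist, so the remaining SPF tests still run.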


