On Thu, 18 Nov 2004 20:56:15 +0100, Frank Ellermann wrote:
Dave Crocker wrote:
> SPF essentially eliminates spontaneous scenarios, by virtue
> of requiring pre-registration.
>
That's not true, if you want to send some mails via my ISP
(during your next spontaneous visit ;-) then it's possible:
MAIL FROM:<me(_at_)xyzzy>
From: you(_at_)dcrocker
Subject: SPF-test
bounce messages need to go to the author or the person responsible for posting
the message. it is entirely inappropriate to route bounces back to the first
mta.
in the cases i described, it would be, at best, useless to route bounce
information back to the administrators of the systems i used to create and post
the message.
That works everywhere as far as SPF (not PRA) is concerned.
it works for only a few of the legitimate scenarios. the scenarios are very
popular, but very constrained.
I'm responsible, I'd get the bounce, working as designed.
> Certainly the scenarios I described were not hoaxes.
>
MAIL FROM:<you(_at_)dcrocker> actually sent from me _is_ wrong.
the mailfrom is a bounce address. it is not an author or poster address.
> what about supporting the 999,000,000 users of the
> Internet who are not geeks?
>
They certainly don't want to get billions of bounces for
mails where a spammer forged their MAIL FROM. Bye, Frank
a challenge, in trying to find enhancements that fix a problem, is to avoid
penalizing all the people who are not creating the problem. otherwise, you are
merely swapping one way of crippling the service with another.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
www.brandenburg.com