spf-discuss

Re: Sendmail white paper

2004-11-23 10:08:48
In <1101227928(_dot_)8191(_dot_)7782(_dot_)camel(_at_)hades(_dot_)cambridge(_dot_)redhat(_dot_)com> David Woodhouse <dwmw2(_at_)infradead(_dot_)org> writes:

> Like I said, it's not so much that you want to force the world to
> 'upgrade'. It's that you want to force the world to upgrade without
> actually _needing_ to. CSV does everything that SPF does, without the
> breakage. What do you have against CSV?

CSV doesn't do everything that SPF does.  CSV protects just the HELO
domain, SPF protects the MAIL FROM domain and, optionally, also the
HELO domain.

Some of the people promoting CSV also claim that it does something
that is mystically and magically, semantically different than SPF HELO
checking.  Discussions of CSV should probably take place on the CLEAR
mailing list instead of here.

> > I said that forwarding is a problem for the receiver because it's the
> > receiver that establishes the forwarding relationship.
>
> But it's not. It's the _forwarder_ that establishes the forwarding
> relationship. I may go on holiday for a week or two and I may add a rule
> to my Exim filter file which forwards mailing list moderation requests
> to somebody whom I have 'volunteered' for the task in my absence. That
> isn't even established by the recipient, let alone anyone at the
> recipient's ISP who is involved with the decision as to whether to check
> SPF.

If you are sending email to someone you have 'volunteered' without
their consent, that would be called "spam" by most people.  If you
have their consent, then the receiver has established the forwarding
relationship, even if they aren't the ones flipping the bits.

> > Now, I think all this is reasonable and doable.  You are no doubt already
> > composing your response to explain how this proves once again that SPF is
> > broken.  Don't bother.
>
> No, I'm composing a response to ask, yet again, why you think this
> breakage is preferable to the other schemes which don't have such
> problems. What's wrong with CSV? What's wrong with the other schemes I
> spoke of recently?

CSV doesn't do what SPF does.  ABBS/SES/BATV with call backs can, but
call backs are more expensive than SPF checks.  SES, used in
conjunction with SPF records and the exists: mechanism looks
promising, but then, that's still using SPF.


-wayne




