spf-discuss

Re: Sendmail white paper

2004-11-24 03:27:30
On Wed, 2004-11-24 at 02:17, David Woodhouse wrote:
What I object to is the disingenuous SPF wizard which encourages others
to make the same decision, without warning them that they'll be throwing
away valid mail if they do. Perhaps it _is_ your right to deceive the
general public, but that doesn't mean that it _is_ right to do it.

Once again, SPF does not "throw away valid mail".  Forwarders who
improperly implement forwarding (that is, without using SRS, or
re-injecting mail into the system without taking responsibility for it,
see below) in a world that implements SMTP+SPF are the ones who risk
"throwing away valid mail".  In a world where SPF is adopted and
majority accepted, old-world style forwarders are not forwarders at all,
but rather forgers.

This is exactly the same as properly implementing a DNS server if you
want people to be able to resolve addresses within your domain.  There
were minimum requirements for participation -- those minimum
requirements are changing, changing for the good, and those who do not
want to get up to speed on the changes risk being left behind.  Boo hoo.

Only yesterday I found someone who'd installed an SPF record after
looking at the SPF wizard, and without really thinking about it for
themselves. After I got them to look at what SPF actually does and apply
their _own_ brain rather than just using the wizard, of course they
removed the record.

Then they made a comment along the lines of "we just need email to be
signed by the outgoing mail servers, and the signatures checked by the
recipient". Which is of course true -- so I pointed them at DK and IIM.

This is a very interesting story.  Unfortunately, it is completely
unrelated.  If this person truly was interested in exactly what you
paraphrased him as saying, then why did they even explore SPF as an
option for what they want to accomplish?  The wizard at
http://spf.pobox.com/wizard.html mentions absolutely nothing about
"signing outgoing messages" nor "signature check[ing] by the
recipient".  Just because a wizard exists doesn't mean people don't have
to think for themselves -- and blaming people not thinking on the wizard
is, well, not very ingenious either.

Only yesterday I found someone who'd installed a Bunsen Burner after
watching a cooking show, and without really thinking about it for
themselves.  After I got them to look at what a Bunsen Burner actually
does and apply their _own_ brain rather than just watching a television
show, of course they removed the Bunsen Burner.

Then they made a comment along the lines of "we just need to cook
thanksgiving dinner for forty, and it can't be served in laboratory
glassware".  Which is of course true -- so I pointed them at Martha
Stewart and a Betty Crocker cookbook.

Earlier, on Tue, 23 Nov 2004 16:38:48, David Woodhouse wrote:
On Tue, 2004-11-23 at 11:26 -0500, Scott Kitterman wrote:
I said that forwarding is a problem for the receiver because it's the
receiver that establishes the forwarding relationship. 

But it's not. It's the _forwarder_ that establishes the forwarding
relationship. I may go on holiday for a week or two and I may add a
rule to my Exim filter file which forwards mailing list moderation
requests to somebody whom I have 'volunteered' for the task in my
absence. That isn't even established by the recipient, let alone anyone
at the recipient's ISP who is involved with the decision as to whether
to check SPF.

A person can not be a forwarder unless they are also a recipient.  A
recipient becomes a forwarder ONLY once they establish a forwarding
relationship.  A sender (as the originator of the message) can not be a
forwarder.  Since you acknowledge that the forwarder is the one setting
up forwarding, presumably the forwarder is supposed to take
responsibility for re-injecting a message into the system.  How this
"taking responsibility" happens is beyond the scope of SPF, all SPF does
is define where the boundaries of responsibility lie.  Maybe they get a
forwarding service that implements SRS and pay them.  Maybe .forward
style forwards become obsolete and "forwarding" will cease to be a
PUSH-to-the-next-hop-style service and start becoming a PULL/POLLING
style service, where "forwarders" will provide POP3 mailboxes or ETRN
that have to be polled periodically -- some email providers already
provide these kinds of services, email aggregators, where "users as
forwarders" do not set up "forwarding" but "users as recipients" do.  In
this brave new world, it's time to start taking responsibility for your
participation in the system, and SPF lets you know which parts you have
to take responsibility for and when you have to take responsibility.

You continually mention the "alternatives".  It might be a worthy
exercise to explore why SPF has gained so much traction and few of the
alternatives have.  It is not SPF nor the SPF supporters' fault that
alternatives are not as popular as you claim they should be. 
Responsibility for the popularity of the alternatives would seem to rest
squarely on the shoulders of the alternatives.

Andy.
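
The forwarding cases argued over in this message, as an added example that is not part of the original post: a receiver's SPF check on a direct delivery, on a .forward-style relay that keeps the original MAIL FROM, and on a relay that rewrites the return path SRS-style. The domains, IP addresses, records and secret are constructed; the evaluator handles only the `ip4` and `all` mechanisms, and the SRS hash and timestamp encoding are simplified.

```python
import hashlib
import hmac
import ipaddress

# Constructed SPF TXT records for two hypothetical domains.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's record (ip4 and all mechanisms only)."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+".
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qual]
    return "neutral"

def srs_rewrite(mail_from, forwarder_domain, secret, timestamp="AB"):
    """Build an SRS0-style return path in the forwarder's domain (simplified hash)."""
    local, domain = mail_from.rsplit("@", 1)
    data = f"{timestamp}{domain}{local}".lower().encode()
    tag = hmac.new(secret, data, hashlib.sha1).hexdigest()[:4]
    return f"SRS0={tag}={timestamp}={domain}={local}@{forwarder_domain}"

def forwarding_results():
    original = "alice@sender.example"
    forwarder_ip = "198.51.100.25"  # the IP the final recipient's MTA sees
    direct = check_spf("192.0.2.5", original)
    plain_forward = check_spf(forwarder_ip, original)  # old-style forward
    rewritten = srs_rewrite(original, "forwarder.example", b"constructed-secret")
    srs_forward = check_spf(forwarder_ip, rewritten)   # forwarder owns MAIL FROM
    return direct, plain_forward, srs_forward, rewritten

if __name__ == "__main__":
    print(forwarding_results())
```
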