spf-discuss

Re: DNS Loading Comparison

2005-04-14 04:44:49

----- Original Message -----
From: "Tony Finch" <dot(_at_)dotat(_dot_)at>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, April 14, 2005 7:10 AM
Subject: Re: [spf-discuss] DNS Loading Comparison


> On Thu, 14 Apr 2005, Hector Santos wrote:
>
> > CSV requires far more of an infrastructure change
>
> Huh? It requires no changes to email routeing or addressing, just the
> publication of a few records in the DNS. This is much less of a problem
> than SPF.

Come on Tony.  CSV's client FQDN requirement mandates change across the
board, including MUAs, MSAs, MTAs and MDAs, as well, to satisfy the chain of
trust in order to effectively work.

No one can dispute this.  If this wasn't the case, maybe more than zero SMTP
systems would have implemented it by now, at the very least for R&D!

SPF has a following and allows for R&D because it absolutely requires far less
of an infrastructure and operations change.  If that was not the case, we
probably would not have explored it and eventually implemented it in the first
place.

Please note I am not implying SPF is better or worse than CSV conceptually.
SPF has its issues. But if you ask me, an SMTP commercial vendor eager to
implement ideas that will work, CSV was investigated and simply doesn't cut
it for me.   It will only work well when everyone begins to use client FQDN
across the board.  It makes no sense if a MUA/MSA transaction is CSV ready
when the MTA or transition hops or the MDA doesn't support it. It might
reject the transaction based on SPF or something else!

> > CSV still suffers from a chicken and egg problem
>
> Not really. Certain common kinds of forged spam are detected by a
> single-site deployment of CSA, which means it will deal with about 5% of
> junk even before network effects start to occur.

I'm talking about implementation barriers.

How about ESMTP AUTH state machine conversation issues?

How about 80% of all transactions being spoofed or NXDOMAIN at the returned
path?

How about 50-65% of all transactions having invalid forwarding paths?

Please don't use the same old opinion that these are BCP related issues. It's not.
They are very important issues in this new era.  No longer BCP in my view -
but a requirement for proper email security operations.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com