spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Stay on Topic

2005-04-14 07:32:14
from [David MacQuigg] [Permanent Link] 
I long ago stopped reading this thread, and I suspect others have as well.
Please change the subject line when the discussion wanders off the original topic. Long, wandering threads are useless in an archive, and any good information gets buried. 

-- Dave

At 09:57 AM 4/14/2005 -0400, Hector Santos wrote:



----- Original Message -----
From: "Tony Finch" <dot(_at_)dotat(_dot_)at>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, April 14, 2005 9:09 AM
Subject: Re: [spf-discuss] DNS Loading Comparison


> I've implemented it.

One administrator patch doesn't count.  :-)

What SMTP product/server are you using?  EXIM? Are you the author of Exim?
Can you give maybe 100 or so  CSV domain ready systems, if not  just 5 or
10?   Does AOL, MICROSOFT and other major vendors support CSV?   I mean, if
AOL and other major sources of spam did not defined SPF policies,  it would
be hard to justify SPF.   If AOL or MICROSOFT add support for CSV,  I will
add it.  if not, "forget about it."  Why bother?

> Why do you think AUTH and CSV have anything to do
> with each other?

If you implemented CSV, you should know the issue.

An ESMTP AUTH conversation is a serials of commands after the EHLO.   CSV
promotes NO concepts of delayed verification - you proved it in your
previous reply when you blabbed out, " Irrelevant" and  "Not within CSV's
scope."

You said "irrelevant" to ESMTP AUTH which means that you are either doing an
open ended HELO/EHLO check or you are waiting to see if the user is using
ESMTP AUTH to authentication, in which case, at this point, CSV is
irrelevant and unnecessary.

You said "Not Within CSV's scope" to deal with considerations of checking
other process parameters to see if the mail could even be delivered in the
first place

To apply CSV to authenticated users or mail that can not be delivered is a
waste and overhead.  In the case of CSV, to the tune of atleast 80% overhead
since atleast 80% of the return paths are spoofed or NXDOMAIN.

A chicken and egg problem.  Hey, don't worry. SPF has the same issue too -
50-65% overhead because it needs to atleast check RCPT first!

> > That explains why CSV is not within anyone's scope neither! :-)
>
> You seem to want every specification to solve every problem.

We have designed, developed and market for the past 1.5+ years a system
called WCSAP that implements an integrated _suite_ of various AVS protocols.
I think that should negate your untrue presumptions about what I want.

----
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
http://www.winserver.com/wcsap (Wildcat! Sender Authentication Protocol)
http://www.winserver.com/spamstats  (WcSAP Anti-Spam Stats)
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: spf, Graham Murray
Next by Date:  Re: spf, Alex van den Bogaerdt
Previous by Thread:  Re: DNS Loading Comparison, Hector Santos
Next by Thread:  Re: Stay on Topic - STOP CHANGING THE DAMN TOPIC, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]