spf-discuss
[Top] [All Lists]

RE: Engineering, Politics and Internet and how it relates to SPF (SPF 2/3 maybe it is time to get this going)

2005-06-18 19:53:14
Gentlemen;

After lurking for the past week or so and watching all of the debate about
the IETF and website, here's my opinions . . .

Can we please FORGET Microsoft and SENDER-ID when it comes to presenting
SPF.  Let's not play politically correct any more - let's play SMART and
teach the rest of the internet community that SPF is indeed alive and well!
Yes, we're going to insult some people in the process - that's life - there
are people out there who are attacking the SPF Community every day by
stating that SPF doesn't work in very public articles and discussions.

We need to immediately make it EXTREMELT CLEAR that SPF1 has NOTHING to do
with any Microsoft product, past present or future, and is completely NEW
product and not part of any current reincarnation of SENDER ID.

GET RID of the SENDER ID references on the website - NOW - all that link is
doing is hurting our attempts to move forward.  We've been talking about
this since January, 2005 - now that we've got control of the website, GET
RID OF THE SENDER ID REFERENCE!

Worry about the "future" after we take control of all the rumors about SPF
being DEAD and still affiliated with SENDER ID.

IMHO, the biggest part of the problem is the fact that the statement "SMTP +
SPF Sender Policy Framework an essential part of Sender ID" is still
PROMENENTLY displayed in the upper right-hand corner of the SPF website!

With regard to the website domain name, I choose anything that states
SPF.ORG in the name.  All of the other domain names can resolve to that site
and any mirrors.  Find a well-qualified company or organization that's been
around for a while and thinks in the same manner as the majority of the
group and the them be responsible for the registration and renewal of the
main domain name.  I'll pledge $100.00 right now for the domain name hosting
fund.  Tell me who to make the check out to and where to send it.

If Meng is going to contribute to the confusion by containing to report on
SENDER ID while, at the same time, speaking about SPF, and making people
think that the two are linked in any manner, then it's time for him to be
removed from the Council - period.  Meng may have once been an asset, but he
is now a liability.  He neither represents the interests of the SPF group
any longer nor does he attend most of the meetings.

Let's get our act together, people!  Someone who will be speaking WHOLELLY
for the SPF group needs to make our position CLEAR in Paris in July.  If we
don't do it then, we'll forever be the laughing stock of every group that
has ever tried to slow down e-mail forgery.

NO MORE CONFUSSION.  NO MORE REFERENCES TO SENDER-ID.  NO MORE SHOOTING
OURSELVES IN THE FOOT!

One of the 158 people who DID sign the "SPF community pledge" list at:
<http://www.OpenSPF.org/cgi-bin/openspf_pledge.cgi> - 4th from the top.

Bruce Barnes
ChicagoNetTech Inc





-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of
william(at)elan.net
Sent: Saturday, June 18, 2005 21:27
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: X-IMail--PHRASE (SPF-Pass) Engineering, Politics and Internet
and how it relates to SPF ([spf-discuss] SPF 2/3 maybe it is time to get
this going)


i
On Sat, 18 Jun 2005, Hector Santos wrote:

experience with IETF by now to understand why they'd never agree to it
...

I have experience to know that a separating of disciplines - enough to
confuse any matter,  but I do think they are just industry veterans
(managers) and if I ever did had the privy to argue the case with them,
we
wouldn't be in this position :-)

Go ahead and argue. Next meeting is in Paris end of July. If you didn't
take a vacation yet, Europe is always good consideration and one week in
Paris is great even if couple days you spend at the conference.

But I really don't think you arguing it will make any difference (not more
so then me or Frank or several other people individually - this is not IETF
of old any more). So you should view in that sense as to why I organized
'SPF Organization' poll in November - it was the last opportunity to do
so with how things were going and it worked very well as I see it.

I don't think many can argue with sound technical common sense and in that
vain, I am an optimist and always felt that common sense always does
prevail.

"sound technical common sense always prevails" is eternal hope of an
engineer and it may work fine until you mix politics and large companies
with agenda not on technical excellence but marketing their own products
to maximize the revenue. If sound technical reasons mattered to them,
we'd not have proprietary .net and java would be an open standard. We'd
not have OS so widely used that is one of the biggest contributors to
increase of spam by 400% in the last 2 years - we might instead be using
better engineered OS/2 or switched to GNU/Linux.

I'm optimist too that best engineering will ultimately prevail, but I'm
also a realist that it'd not happen just because its better engineered
and that we have to work within environment we're in (play on their board
with their rules) if the result is to be achieved (or otherwise the only
other options are to choose different board or force rules change for
existing board).

But I also think the way SPF is being done here can be better - better
argued for.  Too much political conflicts.  Stay away from that and just
present the facts - the common sense - make them realize this.

Its easy to say but in practice SPF not being accepted for proposed
standard did not much to do with technical presentations. I've seen
proposals with less development and no implementation being accepted
easily - but there was no politics involved there.

ESPF sounds nice though and easier to use then saying unifiedspf.

Its all about how you put things, and if ESPF is presented as the Extended
Features to SPF in the same vain ESMTP presents the extended features to
SMTP,   they will have very little to argue again this.  So its more than
just "sounding good,"  it is common sense.

And you must remember that originally Meng and MS wanted things presented
in opposite as SID and SPF being part of it. It sounded good them but not
to us. Now we present it the other way around, do you really think they
are going to accept it given what they still say about SID?

Yes it maybe technically right, but its not going to fly unless MS agreed
to have SID considered as part of ESPF or UnifiedSPF or whatever. Its not
just about us calling it that, its about them agreeing and accepting this
arrangement!

After all,  SPF1 is the current pseudo standard and there is NO way on
earth people are just going to DROP it for SPF2 when there is no clear
advantage and in fact, could cause more problems.

People? Who are the people? How would they know - by IETF agreeing with
both SID and SPF being RFCs on equal footing? By their managers telling
them they want this deployed ASAP because they've read it in CIO magazine
and because MAAWG tells its a good thing?

Just consider this: We and many mail server vendors existed in the
commercial BEFORE the internet.  Do you really think we added SMTP just
because it was the "IETF" standard?   No the standard existed for YEARS -
we
added it because people wanted a common framework that was not proprietary
and since more and more people demanded it, it was then offered.

It was common framework because IETF developed it in such a way. It was
used by you and others because ietf is de-facto technical specification
organization for internet protocols and internet became de-facto global
network replacing other initiatives (like FidoNet, DECNET, MCIMAIL,
Microsoft Network 1995, Compuserve, etc), this happened in big part
because of the protocols that were developed for it by IETF and openness
in the network connectivity (result of open protocol development process).

But there are still people who don't like this openness and how it all
happened. Its not something that can be acceptable to some governments
or some large companies that setup proprietary networks. They can not
change Internet immediately but they can change individual parts and can
try to effect Internet on global scale by attempting to replace ICANN
by WGIG and IETF with ITU. Do you not follow global developments? You
should, see http://www.wgig.org and think hard about what is being said.

But we just didn't add SMTP because it now the IETF.
SPF1 is here. No one can change this.  Not even IETF.

No, that the thing - they still can. What happened in the last 6 months
made it much harder, but it is not yet impossible.

So you compromise - SPF people should welcome "extensions" including
SID as long as it is published as ESPF draft and the IETF should also
welcome this and other new ESPF extended drafts because we have a basic
framework in place - SPF.

Well, I'm sure SPF people would welcome extensions, bit I doubt they
wants replacement, which SID is trying to do. Its basic matter of
who is in the control at the base and what the base is (and I'd like
it to be IETF, but they must prove themselves for it...)

The basic framework SHOULD not begin with SPF2 because it basically
enforces only 1 way to operate - it enforces the PAYLOAD  and this
is by far the single most barrier to its acceptance.

We all can see new ESPF idea that are not related to SID.  Suppose someone
proposes a new 2822 HEADER such as:
       SENDER-DOMAIN: <responsible domain>

I did, you must have missed one of my drafts...

Then a ESPF draft can be written for it I won't be able to do this with
SID if it was the official standard and not SPF.

Correct.

That is what you have to present to the Hardies.

You need to talk about the future because we still have to research the
spam
problem.  We can't lock ourselves into a patented SID - single solution -
framework that has absolutely NO guarantee of working whatsoever and if
fact
present more problems than it solves.

And all luck to you presenting this to Mr. Hardie....
(you some of us did try it already with technical arguments and research)

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com


<Prev in Thread] Current Thread [Next in Thread>