Re: SPF Stats
2005-07-04 21:58:04
--David Woodhouse <dwmw2(_at_)infradead(_dot_)org> wrote:
On Sun, 2005-07-03 at 23:10 +1200, Lennon - Orcon wrote:
Forwarding / SRS is the big killer of SPF at the moment.. more people
have to start using SRS. (how many commercial mailers (or even
non-commercial do) by default?
There isn't even an internet-draft being put forward which standardises
SRS. It seems to be entirely dead in the water, and yet it needs to be
done _before_ any official blessing of SPF can (sanely) take place.
I wouldn't say that's entirely true. SPF would benefit if the forwarding
issue were to be solved, but there are other approaches that receivers can
use. (However the words "official" and "sanely" provide some room to be
subjective, so I won't go so far as to say "you're wrong". The following
is intended to be read as my opinion only, not as proof of anything :)
A lot of ISPs are asking users to maintain whitelists, and if a message
comes in from someone not on the whitelist, it stands a reasonable chance
of going into the Bulk folder or whatever. Receivers could do something
similar with forwarding - they can advise users that if other mail
addresses are being forwarded here, they should mark those forwarding
domains as accepted forwarders.
It's easy to imagine a big ISP providing an interface for users to
whitelist certain forwarders by domain name (which would take care of the
very small forwarders) or even to imagine that they might take domains that
have been whitelisted by 1000 or more users and put them on the global
whitelist, as long as the forwarder doesn't have a significant spam problem.
It's a problem that requires imagination, cleverness, and some hard work,
but I wouldn't go so far as to say it's an impossible problem to solve.
In the meantime, some senders continue to publish SPF records with
'-all' and say "you should trust the recipients not to honour SPF if
there's a forwarding problem", while some recipients continue to reject
for a 'fail' result and say "but I'm just doing what the sender said".
And genuine mail continues to go missing for these people.
Forwarding is something that can't properly be tracked by _either_ the
sender or the recipient, in the general case. My ISP certainly doesn't
have any way to tell how many of its customers forward mail to its
servers, or from where. Hence they know perfectly well that they'd lose
business if they were silly enough to reject mail for an SPF failure.
In general I would agree that this is the current state. You definitely
need a whitelist of some kind if you plan to reject mail on SPF failure.
If I were in an important position at a big ISP, I would be running tests,
trying to identify forwarders, and perhaps doing some development on ways
to prompt users to enter their forwarding addresses.
Probably the smart thing for those ISPs to do would be to put the mail into
the Bulk folder or something similar, until the customer indicates that the
forwarding address is actually his. I wouldn't recommend that people
actually reject spf-fail at this point... not without a good whitelist and
a good interface for people to add to their personal forwarding whitelist.
In that way I agree with you. I would classify it as "definitely not ready
for prime time" but I probably wouldn't go so far as to call it dead in the
water.
Unfortunately SPF doesn't have a marketing wing, so there are very few
people getting on the phone to ISPs to try and sell them on the idea of
tracking forwarders, offering whitelisting, doing a phased rollout, etc.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- SPF Stats, Lennon - Orcon
- Re: SPF Stats, j o a r
- Re: SPF Stats, Lennon - Orcon
- RE: SPF Stats, Scott Kitterman
- RE: SPF Stats, David Woodhouse
- SPF+SRS vs. BATV (was: SPF Stats), Julian Mehnle
- Re: SPF+SRS vs. BATV (was: SPF Stats), Tony Finch
- Re: SPF+SRS vs. BATV, Frank Ellermann
- Re: Re: SPF+SRS vs. BATV, David Woodhouse
- Re: Re: SPF+SRS vs. BATV, Stuart D. Gathman
- Re: Re: SPF+SRS vs. BATV, wayne
- Re: Re: SPF+SRS vs. BATV, David Woodhouse
|
|
|