On Tue, 2005-07-05 at 14:10 -0700, Greg Connor wrote:
David- I can understand your position and your approach seems to be working
for you. However, your argument style makes it pretty clear that you have
a low opinion of people who are trying to actually *solve* the forwarding
problem.
Not at all. I have a low opinion of people who try to brush it under the
carpet, perhaps -- but actually trying to solve it is a perfectly
reasonable approach.
Yeah, I happen to believe that it's not _worth_ trying to fix it,
because the alternatives to SPF don't need such 'fixing'. But that's
clearly my own opinion.
Your argument style also shows contempt for other opinions besides your
own, as if you have the facts and other people have misguided opinions.
Please understand that value judgements such as "SPF is dead in the water"
I don't think it's entirely contentious to state my opinion the SPF is
dead in the water _unless_ the forwarding problem gets fixed. The
forwarding problem really does need to be fixed if SPF is going to work
and become the norm. Isn't that what people want?
and "You can't expect large ISPs to keep track of forwarded mail" are NOT
facts - they are YOUR opinion.
Again I don't think it's particularly contentious to point out that it
_is_ very difficult for larger mail providers to keep track of the
various hosts which may forward mail on behalf of their users. During
the course of the conversation, the disagreement seemed mostly to be
about the precise cutoff point where it becomes infeasible.
Not only do the admins of such systems need to force their users to
maintain the lists manually, but it's actually very hard to work out
what IP addresses should be permitted, even if you do manage to elicit a
list of forwarding addresses from all your users. That _is_ a massive
problem; both technical and political.
Does anyone have any counterexamples? Has any ISP of any significant
size actually implemented a 'trusted forwarder' solution effectively and
reliably?
Out of that part of the discussion arose a suggestion (from William
Leibzon) which could help to solve the problem of finding IP addresses
which may be used for forwarding via a given domain, because it's
_different_ to the set of IP addresses which might be used to original
mail _from_ that domain. Is that such a bad thing?
Please don't disrespect people who are
working hard to solve a problem just because you disagree on whether it's
worth spending time on.
That's fine. Work on fixing the forwarding problem, by all means. You
certainly don't need my permission or my approval.
If I'm disrespectful, then my disrespect is aimed at those who insist on
putting the cart before the horse by pushing for standardisation of SPF
in its current state (and the current state of the world), and by
advocating SPF to third parties without first fixing the problems.
After someone has torn down their SPF record, or disabled their SPF
checks on incoming mail due to the forwarding problem which wasn't made
clear to them in the initial hype, they're going to be _very_ reluctant
to try anything like it again. And that is a _very_ bad thing.
--
dwmw2