spf-discuss
[Top] [All Lists]

Re: SPF+SRS vs. BATV

2005-07-05 16:27:53
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Woodhouse wrote:
Again I don't think it's particularly contentious to point out that it
_is_ very difficult for larger mail providers to keep track of the
various hosts which may forward mail on behalf of their users. [...]

Not only do the admins of such systems need to force their users to
maintain the lists manually,

Not any more manually than subscribing to a mailing list, for instance.

but it's actually very hard to work out what IP addresses should be
permitted,

No.  You keep ignoring the solutions that have been proposed here.

Does anyone have any counterexamples?

Perhaps not, but so what?  Proof by missing counter-proof never really was 
a good kind of argument.

If I'm disrespectful, then my disrespect is aimed at those who insist on
putting the cart before the horse by pushing for standardisation of SPF
in its current state (and the current state of the world), and by
advocating SPF to third parties without first fixing the problems.

Fixing the envelope-sender-forgery problem and fixing the not-sender- 
rewriting problem go hand in hand.  We'd still be using MS-HTML and 
NS-HTML browsers today if we had insisted on getting the browsers 
compatible to each other first before creating a new and independently 
standardized version of HTML.

After someone has torn down their SPF record, or disabled their SPF
checks on incoming mail due to the forwarding problem which wasn't made
clear to them in the initial hype, they're going to be _very_ reluctant
to try anything like it again. And that is a _very_ bad thing.

It's not as if the SPF project wasn't being very explicit about the 
forwarding problem.  If you think that the forwarding problem is being 
brushed under the carpet, then you're no less ignorant of our efforts at 
pointing out that problem than those people who allegedly try SPF without 
thinking first, get burnt, and then refuse "to try anything like it 
again".  The issue is clearly explained in the website FAQ and in the 
specification.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCyxd5wL7PKlBZWjsRApAxAKDjWcA6Mawc/MthgzPQH4zEwbODMgCfdLtz
GSStmhcb69jkOmLz1Tnhfjw=
=mN/U
-----END PGP SIGNATURE-----


<Prev in Thread] Current Thread [Next in Thread>