spf-discuss

Re: Explain please

2005-07-06 00:02:59
On Wed, 2005-07-06 at 02:39 +0200, Julian Mehnle wrote:
> Do all the Qmail or Exim or Postfix or Exchange installations out there
> support BATV or DKIM already?

The Exim installations do, yes. I use a completely unmodified version of
Exim with no external software (other than SpamAssassin and the obvious
libraries). I don't know about other MTAs.

I believe Exim has DK support now too, although it requires external
libraries and isn't enabled by default -- and obviously isn't 'DKIM'
yet.

But you're going off at a tangent. Of course those who want to
participate might need to do something. We were discussing the question
of whether it needs massive buy-in from non-participants. I don't need
to persuade anyone else to change long-standing behaviour merely in
order to work around flawed assumptions which are part of the design of
BATV. Neither are such changes required to work around flaws in the
design of DKIM. It's only SPF that places bizarre new requirements on
third parties.

> Oh, I forgot, your plan doesn't include practically everyone participating
> in the scheme of choice, so a lot of otherwise necessary upgrade work can
> of course be saved.

It seems that you did, yes. Either that or you're confused about the
difference between:
 1) The obvious requirement that the _participants_ have to actually do
    something in order to use a scheme. Even just running SpamAssassin 
    locally requires you to do _something_.
and
 2) The requirement which SPF has, that even uninterested third parties
    change their long-standing forwarding behaviour in order to make
    SPF's assumptions become valid.

The former isn't what people mean when they talk about massive changes
to existing infrastructure and practice. The latter is.

You said "No other proposal, be it BATV or DKIM, requires significantly
less massive changes to infrastructure in total than SPF", which is
blatantly false. 

However, if what you _meant_ to say was that no other proposal
requires less change at the _participating_ domains, regardless of any
requirement to change the _rest_ of the world, then I take back my
contradiction. The majority of the problem at any given site would
probably be getting the users to use SMTP AUTH, which is required for
just about any scheme (although BATV could do without, it'd be a PITA).

However, I'd point out that your corrected statement, while true, would
be largely irrelevant -- it's the requirement to change the rest of the
world which is problematic, not the relatively minor changes required at
any given participating site.

I can suddenly declare that I want to drive on the right-hand side of
the world like the rest of the world does. Each driver in the country
can make that change at relatively low cost to himself/herself. Yet I
would be foolish to advocate this, because we have to recognise the
difficulty of getting _everyone_ to change, just to accommodate my whim.
It's not about those who want to participate; it's about those who have
no interest in the latest crackpot scheme, and even those who are
actively opposed to it because of the existence of less intrusive
alternatives.

> BTW, I'm both publishing and checking SPF, and I'm not using SRS myself,
> still the system works for _me_, to the degree to which others have chosen
> to participate.  Massive changes to the world's existing practice were not
> required.

And how many users does your domain have? How many forward their mail
elsewhere, and how many have mail forwarded to your servers _from_
elsewhere?

-- 
dwmw2

