Mark Shewmaker wrote:
On Sun, 2005-09-11 at 18:40 -0400, Theo Schlossnagle wrote:
Recipients are not always the ones configuring aliases
that send mail to them. Others may do so legitimately as well.
Other than in the /etc/aliases style of forwarding, (which is still done
with the implicit permission of the receiver), where is it common that
other people set up forwarding aliases to your accounts?
If you join the board of you local home-owners association and they "add
you" to the alias. Any relatively small, relatively static group can
easily be placed into an aliases style forwarding where the members of
said group indeed want the email and yet did not formally request for
the alias to be set up. Almost all forwarding is done in /etc/aliases
style -- though no one really uses /etc/aliases anymore as synchronizing
a million forwarding address across a cluster of mailservers is tad
tricky with /etc/aliases.
Many
recipients couldn't communicate that information even if such a channel
of communication between user and admin was available -- they just
aren't aware of it as it has never been important.
Hmm.
So if the problem is that some recipients with longstanding addresses
won't know all the forwarding they've had sent to their address, I
imagine those recipients won't go to their ISP's email settings web
control panel and do the following:
1. Enable spf checking for their addresses
2. List their forwarding accounts.
But while they need not do the above if they don't want to, I still can.
So:
1. Do you have any complaints about that by-choice situation?
2. Do you have any complaints about ISP's by default enabling
SPF checking, and perhaps virus and spam checks), for new
accounts?
I don't have a problem with ISPs acting any way they please. It isn't a
regulated industry yet. Those that please their users retain them,
those that don't do not. I'm not an ISP, we just work with a lot of
them. If my ISP required that I tell them what possible IP space would
be forwarding mail to my account, I'd switch. First, it isn't really
their business, it is their business to recieve mail that I have sent to
that address.
I would say that an email technology that provides authentication before
receipt requires participation from both senders and recievers. As such
it is only useful with widespread deployment and adoption. opt-in on new
accounts and a general "by-choice" stance dramatically deteriorates what
I see as the advantage of an authentication framework for Internet mail.
I argue that SPF isn't so valuable unless it is ubiquitous.
--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Ecelerity: Run with it. -- http://www.omniti.com/
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com