
Re: [spf-discuss] Can this really be true?

2005-09-26 09:29:57
On Sat, 24 Sep 2005, Dick St.Peters wrote:

> The point you keep missing is that SMTP AUTH does nothing to fix
> this.  If users can send mail using SMTP AUTH, they can send spam
> using SMTP AUTH, and an ISP that does not police its users sending
> mail without AUTH is even less likely to police those using AUTH.
> Policing is what matters.

The point I think you are missing is that with SMTP AUTH, the ISP
can prevent forgery.  Your point is correct: if all customers are simply
using the ISP-provided domain, then SMTP AUTH adds absolutely nothing
(except to prevent forgery of another customer's localpart - if implemented).
However, an ISP can require all customers wishing to use their own domain
to register that domain with the ISP relay (if they want to use the relay).
Combined with blocking port 25, this will stop all forged mail from
the ISP's net blocks.  Here at SPF, we are not directly concerned with stopping
spam, but with stopping forgery.

I'm sure you'll point out that a spammer can simply register his/her
throwaway spam domain du jour.  But this is yet another cost to a
spammer's business that is insignificant for a legitimate user with
a long-lived domain.  Also, a high rate of domain registration is
a big red flag for an ISP policing spam (as opposed to preventing forgery).

True, this does nothing to stop spammers from sending their crud MAIL FROM
the ISP domain, and the ISP will have to continue doing the stuff you
talk about to maintain their own domain's reputation.  But those
of us clamoring for SMTP AUTH (with cross-customer forgery prevention
implemented) are after the forgery prevention - not because we think
it will directly stop spam.  We just want accountability.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
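
The relay-side check the message above argues for, as an added example that is not part of the original post: after SMTP AUTH, the relay accepts a MAIL FROM only if the authenticated login owns that local part at the ISP domain or has registered the sender domain. The domain names, logins, tables and function names are constructed for illustration, and accepting the null reverse-path is an assumption of this sketch.

```python
from typing import Optional, Tuple

# Constructed sample data (assumptions, not from the post).
ISP_DOMAIN = "isp.example"
# login -> local parts that login owns at the ISP's own domain
OWN_MAILBOXES = {"alice": {"alice", "alice.sales"}, "bob": {"bob"}}
# login -> customer-owned domains registered with the relay
REGISTERED_DOMAINS = {"alice": {"alice-widgets.example"}}


def split_reverse_path(path: str) -> Optional[Tuple[str, str]]:
    """Return (local_part, domain) from a MAIL FROM path, or None for '<>'."""
    addr = path.strip().lstrip("<").rstrip(">")
    if not addr:
        return None  # null reverse-path, used for bounces
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"malformed reverse-path: {path!r}")
    # Compare case-insensitively; ignore a trailing root dot on the domain.
    return local.lower(), domain.lower().rstrip(".")


def check_sender(auth_user: Optional[str], mail_from: str) -> Tuple[bool, str]:
    """Decide whether an authenticated login may use this envelope sender."""
    if auth_user is None:
        return False, "authentication required"
    try:
        parsed = split_reverse_path(mail_from)
    except ValueError:
        return False, "malformed sender"
    if parsed is None:
        return True, "null sender"  # assumption: names nobody, so forges nobody
    local, domain = parsed
    if domain == ISP_DOMAIN:
        # Cross-customer forgery prevention inside the ISP's own domain.
        if local in OWN_MAILBOXES.get(auth_user, set()):
            return True, "own mailbox"
        return False, "local part not owned by this login"
    # Customer-owned domains must have been registered by this login.
    if domain in REGISTERED_DOMAINS.get(auth_user, set()):
        return True, "registered domain"
    return False, "domain not registered by this login"
```

Logging each rejection together with the authenticated login gives the accountability the message asks for, since every accepted sender maps back to one customer.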
