On Monday 13 November 2006 16:23, Alex van den Bogaerdt wrote:
On Mon, Nov 13, 2006 at 03:00:18PM +0000, K.J. Petrie wrote:
My
concern about relying on SRS is that it gives the impression the problem
has been fixed when it hasn't, because one system administrator cannot
know what another will do.
I see forgery as the problem, and stopping forgery as the solution.
Certainly it's a problem, but it's not the one I'm trying to address in this
thread.
When a forwarder uses my name, it is a forger. When this forger starts
using SRS (or any other method) it is no longer a forger thus the problem
is solved.
If the forwarding were unsolicited I would agree with you, but no one is being
deceived in this case. The forwarding is just a convenience for the intended
recipient. You are not hurt by it, so why is it a problem?
Let's look at an extreme example...
Everybody is going to use forwarding. Forwarders stay as they are now,
dumb but cheap services. I don't expect they will be doing SPF
verification.
I think they're more likely to do it if they don't think it undermines their
business model.
Next: Every ISP is going to create a "workaround for SPF", meaning they
stop verifying SPF.
Why would they want to do that?
Nett result: nobody uses SPF records anymore.
I would have thought the less disruptive SPF becomes, the more its advantages
outweigh its disadvantages, the more likely people are to use it.
The problem is NOT that messages aren't accepted. The problem is mail
being forwarded using the author's name as sender.
They're both problems for some people.
Fixing problems at the wrong place will always result in new problems.
If you're looking for a solution to "SPF's forwarding problem", you are
looking at the wrong place, at the wrong protocol (don't shoot the
messenger!) and will end up with the wrong "solution".
I don't want to shoot the messenger. I just want to be sure the message is
valid and useful.
Your "solution" is to not use SPF,
When did I say that? But it will be people's "solution" if SPF is not as good
as it should be.
and you're going to do so at a place
where it actually is doing its job very well.
No, I'm going to do it at a place where it will be completely useless because
we already know all messages will fail, even the ones I want to receive!
There's no point doing a check when we know the result in advance. That would
be a waste of resources.
If you forward messages
you receive, I do not want to be the one getting the bounces.
If I forward messages I receive (ie from me to someone else in my E-mail
client) any bounces will come to me. If my incoming messages reach me by
forwarding, they won't bounce, because they've reached me. Why would you get
bounces?
Peace,
KJP.
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to http://v2.listbox.com/member/?list_id=735
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735