On Monday 13 November 2006 22:53, Frank Ellermann wrote:
The problem is not your cheap ISP. The real problem is your cheap
forwarder, ditch it.
and Alex van den Bogaerdt wrote:
Fixing problems at the wrong place will always result in new problems.
I couldn't put it better. These two quotes sum up my problem with the current
state of SPF. (To be fair to Frank, he also made a number of positive points.
I am not suggesting a blanket whitelist. The current standard does that! I'm
suggesting recommending users can determine SPF policies for their own
accounts; much less dangerous.)
SPF is a voluntary standard, but in this area it is formulated in a way which
would only make sense for a compulsory standard. A mandatory standard could
apportion responsibilities to different people operating in different parts
of the network, because they would all be required to comply with their part.
But SPF is a voluntary standard. It therefore needs to be designed to work
when it is adopted in a piecemeal manner at various times by various people,
and when some will decide not to adopt it at all.
In such a voluntary standard, it simply makes no sense to place responsibility
with anyone other than the one individual who chooses to adopt it. Placing
responsibility on third parties is just plain stupid. There may be many
problems with cheap providers but this is not one of them. The problem here
is that SPF is trying to place responsibility on someone who is under no
obligation to accept its authority. That's just not a way to design a
voluntary standard.
If I am to take SPF seriously (and I suspect others will agree with me) it
needs to place responsibility for solving problems which might arise from its
adoption with its adopters, not elsewhere. I am also unconvinced by the
thesis that changing nothing is forgery. Preserving the identity of the
original sender is forgery? If SPF defines it as such, why does it think the
rest of the world would agree?
I started this thread with a proposal which was shown to be unnecessarily
complex and problematical, and I was steered gently in this direction. Now I
have come up with something based on that steered direction I have received
hostility based on unexplained assertions. If there's still something wrong,
let's sort it out. Please explain what the problems are with my modified
proposal.
That's not much to ask, is it?
K.J. Petrie
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to http://v2.listbox.com/member/?list_id=735
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735