
RE: [spf-discuss] Re: TENBOX/E as an AUTH type

2007-04-08 17:37:30
On Sun, 8 Apr 2007, Seth Goodman wrote:
I don't agree.  Identifying the party responsible for a given message is
fundamental to stopping network abuse in general.  If forwarders are to be
part of the solution rather than part of the problem, they have to be
careful of what they send and that means taking responsibility for it.

So how can they take responsibility in this case?  The only thing that
will avoid backscatter and work on an automated basis is to refuse all
neutral/none/softfail messages.  Today, a forwarder that does that would
be regarded by its users as more broken than one that requires the
ultimate recipient to not use receiver-side SPF.

I would still like to hear how tenbox might reduce effort and user
complaints for recipient systems.

Basically, they get to use SPF!  Presently, recipient systems are afraid
to activate reject-on-SPF-fail because some of their users may receive
traditional forwarding.

SRS is a chicken game.  If recipients apply SPF and forwarders don't use
SRS, the forwarding system breaks completely.  There are two paths out of
the broken state -- the recipient can relent and disable SPF, and the
forwarder can relent and use SRS.  Unfortunately, the will of the
recipient to endure the broken state to achieve the most satisfactory one
(SRS and SPF), is less than the will of most forwarders to endure the same
state to achieve their most satisfactory one (no SPF or SRS).

SRS is nicer to the recipient than TENBOX/E.  But SRS is already 100%
deployed at the recipient end (since recipients don't need to do
anything), and yet is a failure because of poor uptake by forwarders.  We
need to trade off some of SRS's recipient convenience for some forwarder
convenience, so that we can actually have deployment at both ends.

Big ISPs who want to stay off the FrankBL would maintain their own
blacklist of forwarders who ignore SPF and simply refuse to allow
their customers to extend TENBOX/E trust to those forwarders.

BigISP doesn't care about FrankBL (they like Frank, but they barely care
about SPF).  BigISP also does not care about forwarders' problems or
even their continued viability.  They care only to minimize complaints
from their own users.

Users will complain if their forwards stop working and the forwarder
tells them only their ISP can fix it.

If enough people feel like Frank does, they will use the FrankBL to
protect themselves from backscatter, and the ISP will receive
deliverability complaints when they ignore FrankBL listings.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
