On Mon, 9 Apr 2007, Seth Goodman wrote:
Michael Deutschmann wrote on Sunday, April 08, 2007 7:37 PM -0500:
We need to trade off some of SRS's recipient convenience for some
forwarder convenience, so that we can actually have deployment at
both ends.
Suggesting that recipient systems must do more than SPF already asks is
not realistic. The adoption experience of the past few years has shown
that they will not.
This assumes the reason receiverside SPF checking is not common is technical
-- that SPF is somehow too hard to implement. That was true years ago, but
now most MTAs support it out of the box.
Rather, I contend the problem is political. Enabling receiverside SPF would
be a trivial config-file edit for most ISPs today, but they don't do it
*because of the forwarder problem*. Without the forwarding problem, SPF
would have a nearly-zero FP rate and be competitive with blacklists. But
because of the forwarder problem, the FP risk is too high (in relation to the
small amount of bad mail SPF would block).
Tenbox appears to add some automation to the forwarder whitelisting
process, but it doesn't sound significantly easier for the end user than
forcing them to enumerate their forwarding arrangements. The fact that
With TENBOX/E alone, the user does have to "enumerate their forwarding
arrangements". But at least they can do that -- to whitelist a traditional
forwarder takes guesswork that even a mail expert cannot do reliably. Under
TENBOX/E, all the recipient has to do is relay a simple code string (which
will probably be the same as the forward-from address) from his forwarder to
his local admin.
And TENBOX/E is only half of the TENBOX plan. After TENBOX/E is settled,
we'll work on TENBOX/O, which will make whitelist maintainence easier.
systems take on the additional problems. It might help if you
illustrate the use case of a non-technical user who knows nothing about
email transport.
TENBOX/O would provide a means for a forwarder to send a special message
to an ISP saying "I'm starting a forwarding relationship with your user
<user(_dot_)next(_at_)hop(_dot_)example>, under TENBOX token
<user(_at_)fwd(_dot_)example>, please
whitelist me". The ISP mailserver would then send a seperate message,
much like a mailing-list confirmed opt-in, to the end user asking him to
take some sort of affirmative action if the forwarding relationship is
legitimate. If the end-user confirms, then the mailserver would add the
token to the user whitelist, and send a message to the forwarder informing
him the whitelisting was granted.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735