spf-discuss

Re: [spf-discuss] Re: advice wrong, or is it?

2007-12-21 16:11:13
At 02:23 PM 12/21/2007, you wrote:

On Fri, 2007-12-21 at 22:15 +0100, Alex van den Bogaerdt wrote:
> There is absolutely no forwarding problem.  The person receiving a
> message (note: receiving!) is resending the message using someone
> else's email address.  He's doing the damage but expects others to
> clean up after him if things fail.

This is how SMTP has worked since the early 1980s, and still works
today. If you choose to believe that by continuing to be compatible with
how email has worked for over two decades I am 'doing the damage', then
so be it.

If you use -all, there are situations in which your mail will be thrown
away. If you reject for failure, there are situations in which you will
be throwing away genuine mail, forwarded through normal, SMTP-compatible
systems.

It's very disingenuous of you, Alex, to tell people otherwise.

> What's worse, he himself is sending to an account which *also* opted
> in to SPF. So the troll *is* using SPF.  Else there wouldn't be a
> so called problem.

You seem very confused, or very dishonest. I am not using SPF at all.

--
dwmw2

I am even more confused. If I understood Mr. Woodhouse properly, he originally painted a scenario where I think he said words to the effect that by having a "-all" approach to one's SPF record, somehow a message sent by Mr. Woodhouse could not be forwarded and that receivers would somehow not receive his messages.

Yet, just above, Mr. Woodhouse says he doesn't use SPF at all. For him then, nothing has changed and I fail to understand his argument.

For me, I've had SPF implemented since sometime around 2004 or so and I implemented it with a "-all" approach without ever experiencing a problem with lost messages.

I do, however, benefit from having an absolute assertion which I can point to - if anyone ever gets an email message from a domain under my control that does not come from the outgoing SMTP servers I define for the domain, then it is to be considered bogus. I want the receiver to trash such a message prior to considering distributing it and not send a bounce back to me. Frankly, I'm happy with that assumption and interpretation and the experience from doing this for several years tells me that it does not break my ability to send or receive email messages.

Now then, going back to check when I started with SPF, I saw a post to this very list from Mr. Woodhouse, here is an interesting excerpt from a message in late 2004.

"Until SRS is ubiquitous that's not strictly true. Throwing away the SPF
FAIL is _also_ hurting adoption. Every time someone complains that
forwarded email is bouncing, I get them to tell the _sender_ not to
publish '-all' and the _recipient_ not to obey it. It's too soon."

From this thread, I gather his opinion has not changed, despite the huge numbers of SPF adopters these days. Even so, I find it more than odd that he (as a non-adopter) spends so much time on the list for so many years poking at something that clearly works for those who actually *have* implemented SPF; it might be interesting to better understand the history there.

I think that it was entirely because there was a perceived defect by some in the way that SMTP has worked for over 20 years that SPF was proposed. After all, just because something has a long history, does not mean it cannot be improved upon or that it does not have some fundamental defect that can be exploited by some once said defect is discovered (read Joe Jobs). My first SMTP server (circa 1995) was so brain damaged, that one could not even turn off the ability to relay messages. In your view, Mr. Woodhouse, do you think I should be maintaining that old open relay server because it followed the standard? I hope not.

A high school physics teacher of mine from many years ago frequently uttered the words, "The dogs may bark, but the caravan moves on" when class members groused about changes. Change happens, usually because through change, certain problems identified along the way are addressed by the change.

For me and my company, SPF works and it works well with the "-ALL" and everything.

For others, it might not work so well - so be it - let them face people spoofing their domain name identities, get bounces from all over the place and generally face the misery that everyone did prior to SPF - from the "working" SMTP standard to which Mr. Woodhouse appears to feel so attached.

Getting back to the original point of the thread, why Google apparently wants folks to specify "~all" rather than "-all", perhaps in their case (because they offer a huge email service), they don't wish to reveal all the possible outgoing SMTP servers to avoid some type of attack on GMail. Personally, I think there are better ways of handling such things even in huge scale email service environments.

Best,

AlanM
The Commerce Company
TZ.Com - Travel Zippy
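
An added example, not part of the message above or of any SPF implementation: a simplified SPF evaluation showing the four cases the thread argues about (direct delivery, plain forwarding under "-all" and "~all", and forwarding with an SRS-style envelope rewrite). The domains, addresses and the reduced `check_host` (only `ip4` and `all` are handled, no DNS lookups) are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the thread): reserved example domains
# and RFC 5737 documentation address ranges.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "softsender.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(client_ip, mail_from):
    """Simplified SPF check: evaluates only ip4 and all mechanisms."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"  # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism.startswith("ip4:"):
            if ip in ipaddress.ip_network(mechanism[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term

def srs_rewrite(mail_from, forwarder_domain):
    """Rewrite the envelope sender into the forwarder's domain (SRS-like
    shape; real SRS0 addresses also carry a hash and timestamp)."""
    local, domain = mail_from.rsplit("@", 1)
    return f"SRS0={domain}={local}@{forwarder_domain}"

def scenarios():
    direct_ip, forwarder_ip = "192.0.2.10", "198.51.100.7"
    rewritten = srs_rewrite("user@sender.example", "forwarder.example")
    return {
        "direct, -all": check_host(direct_ip, "user@sender.example"),
        "forwarded, -all": check_host(forwarder_ip, "user@sender.example"),
        "forwarded, ~all": check_host(forwarder_ip, "user@softsender.example"),
        "forwarded with rewrite, -all": check_host(forwarder_ip, rewritten),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:30} {result}")
```
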

