spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] Re: Revising SOFTFAIL

2008-01-05 12:08:58
from [Julian Mehnle] [Permanent Link] 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Woodhouse wrote:

On Sat, 2008-01-05 at 18:12 +0000, Julian Mehnle wrote:

David Woodhouse wrote:

[...]  See http://mipassoc.org/csv/

Works just as well as SPF, giving you an authenticated label which
you can use in your reputation database. [...]


Except that it doesn't differentiate between multiple domains served
by a common mail server.


It doesn't need to. SPF just gives you a handle -- the domain name --
which you can look up in your reputation database to see if it's a
spammer or not. With CSV that handle is the HELO name; [...]


And of course it doesn't even try to stop the MAIL FROM forgery.


It doesn't need to. It stops HELO forgery, because it's HELO that it
uses.


You are defining away the MAIL FROM forgery problem.


MAIL FROM forgery is simple enough to fix anyway, with schemes such as
BATV and SES which can be implemented unilaterally, without requiring
the world to change.


BATV and SES don't prevent MAIL FROM forgery.  They merely help _senders_ 
sort out invalid bounces.  They don't do anything for the _receivers_.


why would you need multiple handles for the same sending host?


Because of many domains sending through a common host, some domains may be 
sending mostly spam whereas other may be sending mostly non-spam.  Your 
answer to that is probably:  "Why accept mail from a spammy host, even if 
some mail is good?  The good users can always switch to a different 
service provider that is less spammer-friendly."  However this would be 
just a cover-your-ass excuse for not using a more discriminatory authen- 
tication method.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHf9RDwL7PKlBZWjsRAl68AKC7v1N4bOeZVWdG/alpoe3Rk1WC8QCg7H/9
QEp4RmXhN5ONQAUO1bTb9s8=
=q7Vj
-----END PGP SIGNATURE-----

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=82202329-f3e7c4
Powered by Listbox: http://www.listbox.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Re: Revising SOFTFAIL, Scott Kitterman
Next by Date:  [spf-discuss] Re: Revising SOFTFAIL, Julian Mehnle
Previous by Thread:  Re: [spf-discuss] Re: Revising SOFTFAIL, David Woodhouse
Next by Thread:  Re: [spf-discuss] Re: Revising SOFTFAIL, David Woodhouse
Indexes:  [Date] [Thread] [Top] [All Lists]