spf-discuss

Re: [spf-discuss] Re: Revising SOFTFAIL

2008-01-05 17:03:58
On Sat, 5 Jan 2008, David Woodhouse wrote:
> Remember, we're talking about a 'handle' used to do lookups in some kind
[...]

I think I sort-of see what you're talking about.  But two objections present
themselves.

First, CSV appears to be a Rube Goldberg contraption which basically does
what I already accomplish by first blocking mail where the sending IP has no
closed loop rDNS, and then running the confirmed hostname past a blacklist.
(Note I'm only talking about the rDNS hostname, not HELO.)

It does give the sender the advantage of running split reputations on a
single IP.  But that's not in the interest of eradicating spam.

Second, it seems your disparagement of SPF is based on the fact that SPF
blocks traditional forwarders from participating in the reputation system.

Reusing my example of <jane_roe(_at_)example(_dot_)com> sending to
<john_doe(_at_)example(_dot_)org> which forwards to 
<joe_smith(_at_)example(_dot_)net>:

You are complaining that if traditional forwarding is used, example.net's
SPF implementation, aghast at what it sees as an attempt by example.org to
steal example.com's karma, unfairly denies example.org a chance to accumulate
karma of its own.  CSV would (but so would an IP or rDNS-based reputation
system.)

But this doesn't help example.org much, because the nature of forwarding
prevents it from maintaining good karma.  Forwarders often have specific
direction as to what spam-filters to apply, so if Joe Smith specifies no
filtering and <john_doe(_at_)example(_dot_)org> is on a "millions CD", then
example.org will see its karma blacken due to spam that he effectively
_demanded_ to see.

example.org's only hope is for example.net to recognize it as a forwarder
blindly doing what Joe specified, and apply a whitelist.  But if example.net
did whitelist example.org, it could also turn off SPF, and SPF's forwarder
problem would be no longer an issue.

So all reputation systems will mistreat forwarders in the absence of
whitelisting.  CSV is not an improvement on SPF.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
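
The two-step check described in the message above (reject when the sending IP has no closed-loop rDNS, then run the confirmed hostname past a blacklist), as an added example that is not part of the original post. The DNS tables, the blacklist and all function names are constructed for illustration, and rejecting when any confirmed name is listed is an assumed policy.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; not real records.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["mx.spammer.example."],
    "192.0.2.30": ["forged.example.com."],  # PTR names a host that does not point back
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.spammer.example": ["192.0.2.20"],
    "forged.example.com": ["198.51.100.7"],
}
BLACKLIST = {"spammer.example"}  # constructed hostname blacklist


def confirmed_hostnames(ip, ptr_lookup, addr_lookup):
    """Return the PTR names of ip whose forward lookup contains ip again."""
    want = ipaddress.ip_address(ip)
    names = []
    for name in ptr_lookup(ip):
        name = name.rstrip(".").lower()
        forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if want in forward:  # the loop closes: IP -> name -> same IP
            names.append(name)
    return names


def is_blacklisted(hostname, blacklist):
    """Match the hostname or any parent domain against the blacklist."""
    labels = hostname.split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))


def check_sender(ip, ptr_lookup=None, addr_lookup=None, blacklist=BLACKLIST):
    """Apply both steps; the defaults read the constructed tables above.

    Pass real resolver callables to use this against live DNS.
    """
    ptr_lookup = ptr_lookup or (lambda addr: PTR.get(addr, []))
    addr_lookup = addr_lookup or (lambda name: A.get(name, []))
    names = confirmed_hostnames(ip, ptr_lookup, addr_lookup)
    if not names:
        return ("reject", "no closed-loop rDNS")
    listed = [n for n in names if is_blacklisted(n, blacklist)]
    if listed:  # assumed policy: one listed name is enough to reject
        return ("reject", "blacklisted hostname " + listed[0])
    return ("accept", names[0])
```

Only the PTR name that survives the forward lookup is consulted, so a sender cannot pick its own reputation handle by publishing an arbitrary PTR record.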
