On Tue, 15 Jan 2008, David MacQuigg wrote:
AOL is a poster child for why the canard about how SPF "breaks forwarding"
is complete FUD. *Any* system that blocks the sources of spam
"breaks forwarding". And that is as it should be.
Both of these companies have eliminated their outgoing spam, even though that
adds nothing to their bottom line. They deserve some recognition of their
good work, at least among email experts.
I didn't say AOL was wrong. I said:
Alias forwarding is broken, SPF or no SPF.
AOL works because they track reputation (by IP in their case).
I cannot honor requests from AOL users to forward mail because
that requires special treatment by AOL - which is not available.
-- Alias forwarding: forwarding an email and keeping its original Return
Address, rather than re-writing it using SRS.
-- SRS: Sender Re-writing Scheme http://openspf.org/SRS - A method used by
Forwarders to re-write the Return Address so as to include the Forwarder's
domain name.
Yet AOL and others process tons of forwarded mail each day, and 99% of it
doesn't use SRS. So I guess we need a definition of broken.
It doesn't matter whether SRS is used. Forwarding to AOL is broken
in either case - because they track reputation by IP, not domain.
It can only work when specifically configured by the receiver as well as
forwarder.
So how can we encourage forwarders and receivers to make these arrangements?
Right now we have small domains like Stuart's and mine making laborious
arrangements with companies like AOL and Yahoo, just to send *normal* mail to
their subscribers. That is a lot of work, much more than these companies
should expect of us. We need to make the process simple, and fully
automated.
It all works great with no special arrangements - as long as you don't
forward or fully filter the stuff you do forward (or the subscriber has a clue
and doesn't mark forwarded stuff as spam - which isn't going to happen with AOL
users). Unfiltered (alias) forwarding is broken when reputation affects
delivery.
Maybe we could agree on a simple, standardized form, one for each Recipient
that wants their mail forwarded. After receiving a few of these forms, Yahoo
Does not address the problem at all. The [unfiltered] junk being forwarded
really is spam! What is needed is for forwarders to have access to the
AOLs reputation database (via DNS for example) so that they can reject
blacklisted senders, and a way to pass forward the source of messages so
that reputation acrues to the actual sender.
None of this has anything to do with SPF or SRS.
know when we may begin.''' Assuming Yahoo confirms the request with its
Recipient, this procedure seems airtight, i.e. no way a spammer can abuse it.
The spammer abuses it by sending lots of spam - which gets forwarded,
but then the forwarders IP gets blacklisted instead of the spammers.
In an environment where IP/domain reputation matters, forwarding
email is like co-signing a loan.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=2183229&id_secret=86060959-35094b
Powered by Listbox: http://www.listbox.com