At 11:08 AM 2/1/2008 -0500, you wrote:
On Thu, 31 Jan 2008, David MacQuigg wrote:
I for one welcome any discussion relevant to SPF, and IP-based authentication
in general, but I am especially interested in how to make IP-based
authentication deliver on its original promise - an end to email forgery. If
SPF can solve the Forwarding Problem, the last excuse for senders will
disappear, and we may at last have universal, robust authentication.
There is no forwarding problem for senders. Any problems are caused
by the receiver, and while most forwarding problems receivers cause have
nothing to do with SPF, those that are related to SPF are easily avoided
by not rejecting due solely to SPF until the receiver resolves its problems.
Maybe what we really need is not a new protocol, but a BCP (Best Current
Practices document) for Forwarders and downstream Agents. I can see that as a
good solution if the recommendations are so simple and easy that there is no
excuse for not following them. http://tools.ietf.org/html
That said, TENBOX and friends are good attempts to help large receivers
manage forwarders efficiently. My question is, since the receivers
with problems are the big ones with millions of users, why would they
listen to any proposed solutions from us?
Big ESPs won't listen to us, but they will listen to their customers. After a
few thousand complaints, or even questions like - "Hey Mr. Yahoo, how come all
my forwarded mail goes into the [bulk] folder? Why can't I whitelist my
forwarders?" After hearing that, they will eventually modify their
whitelisting option, so it works with a domain name, not necessarily a full
address.
Maybe we should add a requirement to our list.
6) At every stage of adoption, benefits must exceed costs to each Agent
that must take some action.
Participation is now motivated only by self interest. The urgency to solve the
spam problem is gone. Everyone has their own solution, and is no longer
motivated by "doing the right thing" or solving the remaining common problems.
Dick St. Peters had an unique term to describe this requirement. He called it
"adiabatic expansion". I guess only a fellow physicist would appreciate the
analogy. I hope Dick is still on the list.
Requirements for Solution to Forwarding Problems
1) Use IP-based authentication (signatures are a separate topic)
2) No cost or risk to Agents on Sender's side
3) Small cost or risk to Agents on Recipient's side
4) No lost mail
5) Effective
6) Minimum vulnerability to new attacks
+1 good list
Thanks. I was starting to worry the old-timers were not happy with this
discussion.
-- Dave
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=2183229&id_secret=92953179-30cca3
Powered by Listbox: http://www.listbox.com