[67735] in North American Network Operators' Group
Re: Clueless service restrictions (was RE: Anti-spam System Idea)
daemon@ATHENA.MIT.EDU (Dave Crocker)
Wed Feb 18 20:09:08 2004
Date: Wed, 18 Feb 2004 17:07:28 -0800
From: Dave Crocker <dhc@dcrocker.net>
Reply-To: Dave Crocker <dcrocker@brandenburg.com>
To: =?ISO-8859-1?B?R3XwYmr2cm4gUy4gSHJlaW5zc29u?= <gsh@centrum.is>
Cc: nanog@merit.edu
In-Reply-To: <001b01c3f680$5af0e790$a900000a@birkihlid42>
Errors-To: owner-nanog-outgoing@merit.edu
Guðbjörn,
>> I think that the "registration" oriented authentication mechanisms (spf,
>> rmx, lmap, etc.) can be useful only when the authenticator is the
>> hosting network provider, rather than a message author.
GSH> I think widespread use of SPF will gut the major sources of spam.
Well, it will gut a great deal of email mobility and third-party
services.
It will probably have no meaningful effect on actual spam.
For example, as you note:
GSH> Then, of course, the spammers will find other ways...
That means that _at best_ MTA author registration schemes, like SPF, are
tactical responses. The problem is that they cause a _strategic_ change
to the email semantic model; and the scaling effect of its
administration is really quite terrible.
Pretty massive effect, for such a short-term benefit.
Not to mention that, on the Internet, it is never possible to deploy
anything in a short-term time-frame.
And, oh by the way, all SPF tries to do is to authenticate the From field.
Forgive me for not being reassured that wide use of SPF will merely mean
that the spam I get will have a valid From field.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>
