[81039] in North American Network Operators' Group


Re: soBGP deployment

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Mon May 23 22:58:50 2005

Date: Tue, 24 May 2005 08:28:24 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
Reply-To: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Brad Knowles <brad@stop.mail-abuse.org>
Cc: Daniel Golding <dgolding@burtongroup.com>,
	Edward Lewis <Ed.Lewis@neustar.biz>, bmanning@vacation.karoshi.com,
	nanog@nanog.org
In-Reply-To: <p06200753beb836c33606@10.0.1.2>
Errors-To: owner-nanog@merit.edu


On 5/24/05, Brad Knowles <brad@stop.mail-abuse.org> wrote:
>         If you're talking about users, then all you have to do is
> implement SPF at a few large sites like AOL, where they don't support
> forwarding and therefore they don't care if they break forwarding,
> where they want to force everyone to use their outbound mail relay
> servers anyway, etc....  Do that, and you've got a "majority".

Two levels of SPF -

1. publishing conservative enough spf records to do the least damage
but look good (~all or ?all instead of -all) - every man and his dog
(e&oe people like us who have removed all our spf records) does that
these days after AOL announced they'd use published spf records to
maintain their whitelist and feedback loop

2. Rewriting return paths using SRS/SES for forwarded mail, and
checking + rejecting based on spf failures

srs (http://www.circleid.com/article.php?id=1039_0_1_0_C/ for more)
>
>         If you're talking about mail systems, it's a whole different
> picture.  Setting up TLSSMTP or SMTPAUTH is non-trivial, even for
> experienced admins.  Indeed, many experienced admins may own their
> own domains, but not run their own machines.  Even if the server side
> is capable of supporting TLSSMTP and/or SMTPAUTH, they may well be
> using clients which are not capable of doing so, or not capable of
> doing so interoperably with the server side.  Much, much more
> difficult to get large numbers of installations.
>
>
>         Penetration of SPF is pretty low, and it's likely to stay that
> way for the foreseeable future.  The problems with SPF are pretty
> basic, and I don't see them being eliminated any time soon with a
> casual wave of your royal hand.
>
> >                        This obsession with perfection will (as usual) result
> >  in exactly no progress. Folks need to be willing to get 70% of the benefit
> >  for 10% of the effort.
>
>         And if twelve people told you that you'd have to implement twelve
> different incompatible systems, and each of them would give you a
> different 70% of the benefit for 10% of the effort (but only if they
> were the only solution implemented), what would you do?
>
>         The IETF has taught us that multiple incompatible partial
> solutions is not a particularly desirable outcome.  That way lies
> madness.
>
> --
> Brad Knowles, <brad@stop.mail-abuse.org>
>
> "Those who would give up essential Liberty, to purchase a little
> temporary Safety, deserve neither Liberty nor Safety."
>
>      -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
>      Assembly to the Governor, November 11, 1755
>
>    SAGE member since 1995.  See <http://www.sage.org/> for more info.
>


-- 
Suresh Ramasubramanian (ops.lists@gmail.com)
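
The two levels described in the message above, as an added example that is not part of the original post: a minimal SPF evaluator (only `ip4` and `all`) shows how `-all` versus `~all` treats forwarded mail at a receiver that rejects on failure, and how an SRS-style return-path rewrite lets the forwarder's own record pass. The domains, addresses, secret, function names and the simplified SRS0 timestamp encoding are constructed assumptions.

```python
import base64, hashlib, hmac, ipaddress

# Constructed sample data: documentation domains and address ranges (RFC 5737).
RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",         # strict publisher
    "example.net": "v=spf1 ip4:192.0.2.0/24 ~all",         # conservative publisher
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, client_ip, records=RECORDS):
    """Evaluate only ip4 and all; real SPF has more mechanisms (a, mx, include)."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:]):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def srs_rewrite(sender, forwarder_domain, secret, day):
    """Simplified SRS0-style rewrite: SRS0=hash=timestamp=domain=local@forwarder."""
    local, domain = sender.rsplit("@", 1)
    stamp = f"{day % 1024:03d}"  # simplified; not the real base32 timestamp form
    mac = hmac.new(secret, f"{stamp}{domain}{local}".lower().encode(), hashlib.sha1)
    tag = base64.b64encode(mac.digest())[:4].decode()
    return f"SRS0={tag}={stamp}={domain}={local}@{forwarder_domain}"

def receiver_verdict(envelope_from, client_ip):
    """What a receiver that rejects on SPF failure does with this message."""
    result = spf_check(envelope_from.rsplit("@", 1)[1], client_ip)
    return result, ("reject" if result == "fail" else "accept")

if __name__ == "__main__":
    hop = "198.51.100.7"  # constructed address of the forwarding host
    for sender in ("alice@example.org", "bob@example.net"):
        print(sender, "forwarded as-is:", receiver_verdict(sender, hop))
    rewritten = srs_rewrite("alice@example.org", "forwarder.example", b"constructed-secret", 12927)
    print(rewritten, "after rewrite:", receiver_verdict(rewritten, hop))
```
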
