Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Sun, 19 Oct 2003 12:15:33 -0700
From: Brad Templeton <brad@xxxxxxxxxxxxxx>
Subject: Re: [IP] SPF v2 draft 95% complete
To: Dave Farber <dave@xxxxxxxxxx>
Cc: mengwong@xxxxxxxxxxxxxxx

> SPF has matured significantly since the last time I discussed it on IP.
>
> It does exactly what the above paragraph suggests.

And while I would definitely prefer it over the "You must provide ID in
order to send E-mail" schemes proposed by Verisign, PFIR and others,
it does suffer some of their flaws as an anti-spam system.

It is very worthwhile as a system to stop people from forging your
domain in their envelope-from address, and that's good for you, since it might
reduce the amount of complaints you get about spam sent in your name.

But that doesn't address the spam problem, it addresses the authentication
problem. Spammers will still be happily able to send mail from fake
domains, disposable domains and the large number of real domains which
don't define an SPF record in their DNS.

Thus we must fear that, since people are much more concerned about spam
(including forged spam) than they are about forged real E-mail, they will
view this as an anti-spam, and consider the obvious but dangerous next
step -- refusing mail from people that doesn't come authenticated in some
way.

And thus, in the end creating the world we hopefully don't want to create,
that you must provide ID before you can send E-mail, something we haven't
even demanded in the paper mail where the letter can physically kill you.

As such, I believe anybody drafting an authentication system has a duty
to outline how this can be avoided, how anonymous mail can be preserved,
and other ways to deal with likely bad consequences of the deployment.

It is not necessary to demand authentication to make a spam-free mail
system. For example, in this essay
http://www.templetons.com/brad/spam/cpustamp.html
I outline a means to block spam if you're willing to make demands on the
sender (as all authentication schemes do) which does not block anonymous
mail.

In addition, this system can only authenticate the envelope sender domain,
not the "From:" header on an E-mail. (If it tried to authenticate the
From header, it would break mailing lists and legitimate relays.) As such,
it may not even defend against many forgeries. And not have much luck
on viruses either.
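
The limits described in this message, as an added receiver-side example (not part of the original e-mail or of the SPF draft): a check that evaluates only `ip4:` and `all` terms and reports which domain the result actually covers. The `v=spf1` record syntax is assumed from the later published SPF specification, and every domain, address and record below is constructed.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed TXT records (documentation domains and addresses, not real data).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "bulk.example.net": "v=spf1 ip4:203.0.113.7 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()

def spf_check(client_ip, domain, records=SPF_RECORDS):
    """Evaluate ip4: and all terms only; 'none' when no record is published."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism.startswith("ip4:") and ip in ipaddress.ip_network(
                mechanism[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def assess(client_ip, envelope_from, raw_message):
    """SPF result for the envelope domain, plus whether From: was the domain checked."""
    header_domain = domain_of(message_from_string(raw_message)["From"])
    envelope_domain = domain_of(envelope_from)
    return {
        "spf": spf_check(client_ip, envelope_domain),
        "checked_domain": envelope_domain,
        "header_from_domain": header_domain,
        "from_header_covered": envelope_domain == header_domain,
    }

# Constructed message whose visible From: header names example.com.
MESSAGE = "From: Accounts <billing@example.com>\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    print(assess("198.51.100.9", "user@example.com", MESSAGE))
    print(assess("203.0.113.7", "bounce@bulk.example.net", MESSAGE))
```

A receiver that records `checked_domain` beside the verdict keeps a `pass` from being read as a statement about the `From:` header, and a `none` result shows how little the check says about domains that publish no record.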