<<< Date Index >>>     <<< Thread Index >>>

[IP] more on MTA packagers please consider SPF



-----Original Message-----
From: Rick Adams <Rick.Adams@xxxxxxxxx>
Date: Sun, 04 Jan 2004 15:53:07 
To:dave@xxxxxxxxxx
Subject: RE: [IP] MTA packagers please consider SPF

For IP if you wish.

While SPF would provide some relief from spam, the claim "Spam as a technical 
problem is solved
by SPF." is too absurd to go unchallenged. In fact the author's own
http://spf.pobox.com/objections.html says "SPF is merely one component in a 
balanced anti-spam
strategy." 

All SPF does is provide a mechanism for verifying that the purported host part 
of the sender's
email address originated from one of the servers for that host domain. That's 
all.

Obviously, that is not sufficient to declare the problem "solved".

Further, there exists a chicken/egg problem that is apparently being ignored. 
Until the large
mailers (AOL, MSN, Hotmail, Yahoo, Verizon, Earthlink, etc) implement the host 
verification
records (and none of them have) there is insufficient incentive for people to 
bother installing
the MTA plugins.

However, the ability to verify the sender's host adds sufficient valuable 
additional information
that can be used by existing anti-spam technology that it merits implementation 
(in some form.)

The trick is getting the large mailers to implement the host verification 
records, not getting
software deployed that uses them.

-----Original Message-----
From: owner-ip@xxxxxxxxxxxxxx [mailto:owner-ip@xxxxxxxxxxxxxx] On Behalf Of 
Dave Farber
Sent: Sunday, January 04, 2004 2:44 PM
To: ip@xxxxxxxxxxxxxx
Subject: [IP] MTA packagers please consider SPF



Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx 
Date: Sun, 04 Jan 2004 14:32:44 -0500 (EST)
From: mengwong@xxxxxxxxxxxxxxx (Meng Weng Wong)
Subject: MTA packagers please consider SPF
To: chip@xxxxxxxxxxxxxxx
Cc: dave@xxxxxxxxxx

SUMMARY

   This message goes to some of the maintainers of MTA packages for major
   Linux distributions.  I ask that they consider adding SPF support to
   their packages in helping to solve spam.  I founded pobox.com, which
   produced the MySQL extensions for Postfix.  I authored the SPF
   standard and am now trying to get it widely adopted.

PLUGINS

   Plugins for MTAs can be found at http://spf.pobox.com/downloads.html

ESSAY: SPAM IS LIKE SMALLPOX

They say the antispam industry will become a one billion dollar business
in 2004.  There are two responses to this observation.  The first, most
obvious response is: let's start an antispam company and try to capture
some market share!  The second response is: the antispam industry
*should* become a *zero* dollar business --- if we lived in a better
world.

There are more voices in the first camp than the second.

Spam as a technical problem is solved by SPF.  Spam is now only a
political problem: how to educate the masses, how to convince those who
need to be convinced, how to reach the tipping point.

In 1801 Edward Jenner proved cowpox-smallpox vaccination.  He wrote 'It
now becomes too manifest to admit of controversy, that the annihilation
of the Small Pox, the most dreadful scourge of the human species, must
be the final result of this practice.'

One hundred and fifty hears later, in 1959, the World Health
Organization called for global smallpox vaccination.  Mass vaccination
begain in 1966.  The last case was in 1977.

 From start to finish it took humanity 176 years to solve the smallpox
problem, but the heavy lifting really only took about a tenth the time.
The WHO got the ball rolling in 1959.  Twenty years later it announced
smallpox was gone for good.

But what about before 1959?  What happened in that century and a half
from discovery to global implementation?

Did smallpox vaccination companies arise, get VC funding, go public?
Did their founders get rich and retire at 30?  Did industry analysts
predict that "in the coming year, X million people will die of smallpox"
and in the next breath say "in the coming year, the smallpox vaccination
industry will become an X million dollar business"?

How did the hypothetical founders of anti-smallpox companies react to
the WHO announcement?  With their families and employees already safely
vaccinated, they must have been dismayed to contemplate the destruction
of their entire business model.

The internet has no equivalent to the WHO; there is the IETF, and I am
dutifully following IETF process and expect to see an RFC number on the
SPF standard soon.  But more needs to be done: we need to convince the
authors and packagers of MTA software that they should include SPF with
their distributions (turned off by default for now); and domain owners
all over the world need to submit to the inconvenience of "vaccination"
which I have tried to make as painless as possible.

In the twentieth century 300 million people died of smallpox, and still
it took humanity 176 years to eradicate it.  I believe it is technically
possible to eradicate spam in 2004.  But there are obstacles: inertia,
laziness, and fear of change ("what about the infinitesimal chance that
the vaccine will kill me?")  And there are those with an interest in
seeing spam grow: legitimate businessmen whose livelihood would be
threatened.  Against these forces the Right Solution needs champions.

We already have a number of such champions: I estimate that 120,000
domains now publish SPF records, including dyndns and altavista;
SpamAssassin and other antispam products will check for them.
Opensource developers have independently written SPF plugins for
Postfix, Sendmail, and Exim.  And we have famous advocates like Eric
Raymond spending time and energy promoting the cause.  If our numbers
continue to grow, in the coming months SPF will cross the tipping point.
If it does, we can hope that in 2005 the antispam industry will be, in
fact, a zero-dollar business.

Now we need MTA distributions to include SPF.  SPF should be configured
turned off by default, but easily turned on; when it matures along the
RFC standards track, we can turn it on by default.

(This message may be read by a wide audience.  If you can help, please
see http://spf.pobox.com/ and join the mailing list by sending mail to
subscribe-spf-discuss@xxxxxxxxxxxx)

-------------------------------------
You are subscribed as ricknews@xxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/