Stephen Gran on 23 Mar 2004 03:11:02 -0000



Re: [PLUG] Re: SPF


On Mon, Mar 22, 2004 at 09:37:12PM -0500, Walt Mankowski said:
> One big practical benefit is bounces.  Suppose you decide to send some
> spam while you're at your parents' place.  You've got a big list of
> email addresses, most of which became invalid years ago.  You don't
> want to deal with all the bounce messages, so you set your envelope
> sender to "billg@microsoft.com".  Now billg's mailbox fills up with
> bounce messages he didn't send.  But if you're forced to use, say, a
> comcast.com envelope sender, then bounce messages either go to a
> Comcast MX or another Comcast customer.  Either way it's going to be a
> lot easier for Comcast to track you down if all the bounce messages
> stay inside their domain.

The major problem with SPF is that it doesn't preserve the envelope,
as far as I can tell.  This means that if email (which relies on the
store-and-forward-based nature of SMTP) passes through multiple hosts
that like and use SPF, the original envelope will be lost.  At the
final server, if it bounces, who do I send the bounce to?  The last
forwarder (that is what the envelope from would be)?  The header from:?
In other words, my email goes from some spammer -> address A -> address
B -> address C.  Address C 550's it, and Address B does what with it?
Bounce to Address A?  Deliver to my local account on Address B, which
forwards again to address C?  If it bounces to Address A, we get the
same thing again.  This is not a new problem that SPF created really, but
modifying the original envelope greatly exacerbates it.  This would lead
to problems with mail forwarding, which is a long-standing email practice.
It would also beat up things like secondary MX's, but they already get
pretty beat up :)

The upside to SPF, sender host verification, only works if literally
everybody is doing it, with the exception of spammers.  Since I see many
hosts out there that don't even do ESMTP yet, I doubt that this will be
a reality any time soon.  And given that Microsoft will probably
implement its own proprietary anti-spam system sometime soon, none of
the IIS boxes out there will do any of this.

It doesn't seem to fix as much as it breaks, sadly.
-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | The road to ruin is always in good      |
|  steve@lobefin.net             | repair, and the travellers pay the      |
|  http://www.lobefin.net/~steve | expense of it.   -- Josh Billings       |
 --------------------------------------------------------------------------
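
The A -> B -> C forwarding case from this message, as an added example that is not part of the original post: a minimal SPF check (ip4 and all mechanisms only) run at the final hop, once with the envelope sender preserved by the forwarder and once with it rewritten. The domains, IP ranges and the `fwd=` rewrite format are constructed for illustration.

```python
import ipaddress

# Constructed SPF policies (hypothetical domains, documentation address ranges).
SPF = {
    "origin.example":    "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}

def check_spf(client_ip, mail_from):
    """Evaluate only ip4 mechanisms and 'all' for the MAIL FROM domain."""
    domain = mail_from.rsplit("@", 1)[1]
    record = SPF.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:])
        else:
            matched = mech == "all"
        if matched:
            return {"+": "pass", "-": "fail",
                    "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"

def forward(mail_from, forwarder_ip, rewrite):
    """Hop B relays to hop C. Returns (SPF result at C, where C's bounce goes)."""
    if rewrite:
        # B substitutes its own envelope sender and encodes the original so a
        # later bounce can be routed back (the idea behind SRS, simplified:
        # no hash or timestamp here).
        local, domain = mail_from.rsplit("@", 1)
        mail_from = f"fwd={domain}={local}@forwarder.example"
    return check_spf(forwarder_ip, mail_from), mail_from

def unrewrite(bounce_rcpt):
    """At B: recover the original envelope sender from a rewritten address."""
    local = bounce_rcpt.rsplit("@", 1)[0]
    _, domain, user = local.split("=", 2)
    return f"{user}@{domain}"

if __name__ == "__main__":
    for rewrite in (False, True):
        print(rewrite, forward("alice@origin.example", "198.51.100.7", rewrite))
```

With the envelope preserved, hop C sees the forwarder's IP against the origin domain's policy and the check fails; with it rewritten, the check passes but the bounce lands at the forwarder, which has to map it back.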
