Re: SPF is fundamentally broken

From: Alex van den Bogaerdt (alexergens.op.het.net)
Date: Thu Jan 15 2004 - 03:56:55 CST


On Wed, Jan 14, 2004 at 05:49:01PM -0500, Wietse Venema wrote:

> > > SPF is fundamentally and completely broken since it makes critical
> > > assumptions about the SMTP protocol which are absolutely NOT TRUE.
> >
> > If this is the case, then SMTP is fundamentally broken, because the
> > assumptions SPF makes must be true in a world where sender authentication is
> > necessary to prevent spam and ensure the consequences of spamming fall on
> > the right person.
>
> No, it is the real world which is broken. Which of the three

You are correct.

> is best fixed first? SMTP, SPF, or the real world?

Open smtp-relays are abused? They got closed.
Open http-caches are abused? They got closed.
Source routing (both smtp and ip) is abused? It was made impossible.

Just as in other protocols, things change to overcome the selfish world.
As we cannot change the world, we change the possibility for the world
to abuse our systems.

SMTP is just the next protocol. SPF is preventing the world from
abusing something that seemed useful at the time it was written.

Instead of changing SMTP altogether, there is an optional protocol
that can be used (not: must be used). It works together with, not
against, SMTP.

And yes, there will be some side effects. And yes, this means change
is needed in related technical stuff, such as forwarding. But no,
this does not mean the proposal is broken.

cheers,
Alex
--
begin sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags