Many people, including me, think SRS is a bad idea. So I'm not getting
on board with a system that is clearly a mistake.
Gino Cerullo wrote:
Hello, is this really Marc? ;-)
Sorry about the rant Marc, if that's you. I understand why you can't
or won't implement SPF and I don't blame you under the circumstances.
It's just that your statement was at best obvious and at the same time
incomplete. A more accurate statement would have been, "SPF breaks
email forwarding for my users and myself because my email forwarder
does not support SRS" for which we would have said something like,
"well don't use SPF" or better yet, "find a different email provider
that has implemented SRS and you too can implement SPF."
Other statements that would have been considered more acceptable to
starting a conversation in general would have been, "SPF breaks email
forwarding in present SMTP implementations" or "SPF breaks email
forwarding due to the lack of the widespread implementation of SRS"
but then we would have just said "Duh!"
On 25-Jul-06, at 12:51 PM, Marc Perkel wrote:
I don't have an SPF record because I refuse to support a broken
technology. SPF breaks email forwarding. My users use forwarding.
SMTP is broken - but I can't change that. I have to be compatible
with the rest of the world.
Again, it's not that SPF is a broken technology, it's that SMTP, at
best, hasn't caught up to it yet or at worst, as has been stated
already, is broken.
Also, no one is forcing you to implement SPF, or are they? Tell me who
they are, I'll send my boys.
Gino Cerullo wrote:
Whether it's SPF, DKIM, a combination of both or something
completely new, the laissez-faire attitude of the past toward SMTP
just doesn't cut it anymore. Criminals (and yes, I consider anyone
who forges an identity to hide who they are a criminal no matter
their intent) have taken advantage of the loose way in which SMTP
was and still is implemented and they are causing considerable
damage. If a few 'eggs' have to be broken on the way to securing our
email systems then so be it.
I agree with Michael Scheidell, "SMTP is broken. has been,
phishing, forgeries, email viruses prove it."
To make a statement like "SPF breaks email forwarding" and not offer
an alternative merely makes you come off as a troll with an agenda.
Now, I know from your contributions here that you are neither a
troll nor have an ulterior motive with such a statement but at the
same time I can't even trust that the original email came from Marc
Perkel <[EMAIL PROTECTED]>.
As it stands, I can't trust the integrity of your domain
'perkel.com' since it does not have an SPF record. Anyone can claim
to be you, even a troll. Now, you might say that s/mime could be the
answer to that and you'd be correct but s/mime is expensive.
Expensive in computer resources because it means that my server
still has to receive every email, process it through virus and spam
filters and then pass it on to me where what remains still has to be
evaluated by me or my MUA.
The idea behind SPF and its contemporaries is that obvious forgeries
are handled by the MTA before entering the system for further
evaluation, taking a huge load off the infrastructure we've been
forced to put in place to deal with a system that is clearly, at
present, broken.
Personally, I think SPF, DKIM and any other workable proposal goes
beyond just protecting me from spam, phishing and email viruses. It
protects the integrity of my domains and further, the IP addresses
in my control since I insist that all the domains I host on my
server all have SPF records. People can trust that an email message
claiming to come from one of my domains or from one of my IP
addresses does in fact originate there.
The only legitimate excuse I hear for not implementing SPF has to do
with forwarding. There are situations beyond the control of the people
involved that prevent them from implementing it. Until the default
behaviour of an MTA is to implement SRS or SRS can easily be
implemented in existing MTAs this will continue to be a problem. We'll
just have to live with that for now.
All the other excuses I hear regarding the lack of implementation of
SPF are due to a lack of understanding of the protocol, laziness or
the unfounded loss of control, "I refuse to implement a protocol that
controls which email servers I can send my mail from," excuse. To them
I say, SPF and its contemporaries are the future, you can either
implement them or find your email in the bit bucket. The choice is yours.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
T: 416-247-7740
F: 416-247-7503
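
Added example, not part of the thread: the forwarding failure and the SRS rewrite that the messages above argue about, in Python. The domains, IP addresses and policies are constructed, only the `ip4` and `-all` SPF mechanisms are evaluated, and the hash length and timestamp encoding in the SRS0 address are simplified assumptions rather than any particular MTA's implementation.

```python
import base64, hashlib, hmac, ipaddress

# Constructed SPF policies standing in for DNS TXT lookups (documentation-range IPs).
POLICIES = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.7 -all",
}

def spf_check(client_ip, mail_from, policies=POLICIES):
    """Check the connecting IP against the policy of the envelope sender's domain."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = policies.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term == "-all":
            return "fail"
    return "neutral"

def _tag(secret, *parts):
    # Short keyed hash so only the forwarder can mint valid rewritten addresses.
    mac = hmac.new(secret, "=".join(parts).lower().encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:4]

def srs_forward(mail_from, forwarder_domain, secret, day):
    """Rewrite the envelope sender into the forwarder's own domain (SRS0 layout)."""
    local, domain = mail_from.rsplit("@", 1)
    ts = format(day % 1024, "03x")  # simplified timestamp, an assumption of this example
    return f"SRS0={_tag(secret, ts, domain, local)}={ts}={domain}={local}@{forwarder_domain}"

def srs_reverse(srs_address, secret):
    """Recover the original sender for a bounce; reject addresses we did not issue."""
    body = srs_address.rsplit("@", 1)[0]
    marker, tag, ts, domain, local = body.split("=", 4)
    if marker != "SRS0" or not hmac.compare_digest(tag, _tag(secret, ts, domain, local)):
        raise ValueError("invalid SRS address")
    return f"{local}@{domain}"

if __name__ == "__main__":
    sender, fwd_ip = "alice@sender.example", "198.51.100.7"
    print("direct delivery:      ", spf_check("192.0.2.10", sender))
    print("forwarded, no SRS:    ", spf_check(fwd_ip, sender))
    rewritten = srs_forward(sender, "forwarder.example", b"constructed-secret", 13354)
    print("forwarded, SRS sender:", rewritten, spf_check(fwd_ip, rewritten))
    print("bounce goes back to:  ", srs_reverse(rewritten, b"constructed-secret"))
```

The receiver's SPF check keys on the envelope sender, so the plain forward is judged against `sender.example`'s policy and fails, while the rewritten sender is judged against the forwarder's own policy and passes.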