Hello, is this really Marc? ;-)

Sorry about the rant Marc, if that's you. I understand why you can't or won't implement SPF and I don't blame you under the circumstances. It's just that your statement was at best obvious and at the same time incomplete. A more accurate statement would have been, "SPF breaks email forwarding for my users and myself because my email forwarder does not support SRS" for which we would have said something like, "well don't use SPF" or better yet, "find a different email provider that has implemented SRS and you too can implement SPF."

Other statements that would have been considered more acceptable for starting a conversation in general would have been, "SPF breaks email forwarding in present SMTP implementations" or "SPF breaks email forwarding due to the lack of the widespread implementation of SRS" but then we would have just said "Duh!"

On 25-Jul-06, at 12:51 PM, Marc Perkel wrote:

I don't have an SPF record because I refuse to support a broken technology. SPF breaks email forwarding. My users use forwarding. SMTP is broken - but I can't change that. I have to be compatible with the rest of the world.

Again, it's not that SPF is a broken technology, it's that SMTP, at best, hasn't caught up to it yet or at worst, as has been stated already, is broken.

Also, no one is forcing you to implement SPF, or are they? Tell me who they are, I'll send my boys.

Gino Cerullo wrote:
Whether it's SPF, DKIM, a combination of both or something completely new, the laissez-faire attitude of the past toward SMTP just doesn't cut it anymore. Criminals (and yes, I consider anyone who forges an identity to hide who they are a criminal no matter their intent) have taken advantage of the loose way in which SMTP was and still is implemented and they are causing considerable damage. If a few 'eggs' have to be broken on the way to securing our email systems then so be it.

I agree with Michael Scheidell, "SMTP is broken. has been, phishing, forgeries, email viruses prove it."

To make a statement like "SPF breaks email forwarding" and not offer an alternative merely makes you come off as a troll with an agenda. Now, I know from your contributions here that you are neither a troll nor have an ulterior motive with such a statement but at the same time I can't even trust that the original email came from Marc Perkel <[EMAIL PROTECTED]>.

As it stands, I can't trust the integrity of your domain 'perkel.com' since it does not have an SPF record. Anyone can claim to be you, even a troll. Now, you might say that s/mime could be the answer to that and you'd be correct but s/mime is expensive. Expensive in computer resources because it means that my server still has to receive every email, process it through virus and spam filters and then pass it on to me where what remains still has to be evaluated by me or my MUA.

The idea behind SPF and its contemporaries is that obvious forgeries are handled by the MTA before entering the system for further evaluation, taking a huge load off the infrastructure we've been forced to put in place to deal with a system that is clearly, at present, broken.

Personally, I think SPF, DKIM and any other workable proposal goes beyond just protecting me from spam, phishing and email viruses. It protects the integrity of my domains and further, the IP addresses in my control since I insist that all the domains I host on my server all have SPF records. People can trust that an email message claiming to come from one of my domains or from one of my IP addresses does in fact originate there.

The only legitimate excuse I hear for not implementing SPF has to do with forwarding. There are situations beyond the control of the people involved that prevent them from implementing it. Until the default behaviour of an MTA is to implement SRS or SRS can easily be implemented in existing MTAs this will continue to be a problem. We'll just have to live with that for now.

All the other excuses I hear regarding the lack of implementation of SPF are due to a lack of understanding of the protocol, laziness or the unfounded loss of control, "I refuse to implement a protocol that controls which email servers I can send my mail from," excuse. To them I say, SPF and its contemporaries are the future, you can either implement them or find your email in the bit bucket. The choice is yours.

--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON  M3M 1W6

T: 416-247-7740
F: 416-247-7503
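
The forwarding failure and the SRS fix argued over in this thread, as an added example that is not part of the original emails: a simplified SPF check (ip4 ranges only, no DNS lookups) and a simplified SRS0 envelope rewrite. All domains, addresses, the secret and the two-character day stamp are constructed, and the stamp is not checked for expiry as a real SRS implementation would.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed sample data: each domain's SPF policy reduced to its ip4 ranges.
SPF_RECORDS = {
    "sender.example": ["192.0.2.0/24"],
    "forwarder.example": ["198.51.100.0/24"],
}

def spf_check(mail_from, client_ip):
    """Evaluate the envelope sender's domain against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    ranges = SPF_RECORDS.get(domain)
    if ranges is None:
        return "none"  # no policy published, nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(r) for r in ranges) else "fail"

def _tag(secret, *parts):
    """Short keyed hash so only the forwarder can mint valid SRS addresses."""
    mac = hmac.new(secret, "=".join(parts).lower().encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:4]

def srs_forward(mail_from, forwarder_domain, secret, day_stamp):
    """Rewrite the envelope sender into the forwarder's own domain."""
    local, domain = mail_from.rsplit("@", 1)
    tag = _tag(secret, day_stamp, domain, local)
    return f"SRS0={tag}={day_stamp}={domain}={local}@{forwarder_domain}"

def srs_reverse(srs_addr, secret):
    """Recover the original sender for bounces; reject forged SRS addresses."""
    local_part = srs_addr.rsplit("@", 1)[0]
    if not local_part.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address")
    fields = local_part[5:].split("=", 3)
    if len(fields) != 4:
        raise ValueError("malformed SRS0 address")
    tag, stamp, domain, local = fields
    if not hmac.compare_digest(tag, _tag(secret, stamp, domain, local)):
        raise ValueError("SRS hash mismatch")
    return f"{local}@{domain}"
```

Relaying with the original envelope sender from the forwarder's IP fails the sender's SPF policy, while the rewritten sender is checked against the forwarder's own policy and passes.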

