[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Asrg] Re: (list-mom) Enough, already, on the wonders of SPF

To: asrg at ietf.org
Subject: [Asrg] Re: (list-mom) Enough, already, on the wonders of SPF
From: Philip Miller <millenix at zemos.net>
Date: Mon, 02 Aug 2004 11:03:13 -0400
In-reply-to: <20040802035303.10891.qmail@xuxa.iecc.com>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <20040802035303.10891.qmail@xuxa.iecc.com>
Sender: asrg-bounces at ietf.org
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.1) Gecko/20040726 Debian/1.7.1-4

John Levine wrote:

It has become clear to me that there is no purpose served by arguing
here whether SPF will work, for any definition of work, or not.  So
stop it.  (If you don't, various awful things may happen to you.)


Thank you for this. I agree that we need an end to the arguing.

It's built up enough of a political head of steam that MARID will
report out SPF or something like it, and some people will implement
it, after which we will then be able to observe what happened.  The
current level of SPF deployment do not even rise to the level of toy
demonstrations, so we absolut

                             ^^^^^^^^^
Was there more here?

Here are some topics related to SPF that might be worth pursuing:

* How can we tell what effects, good or bad, SPF is having?  Do we
need to build tools now to collect data and prepare to analyze the
results?

For the sake of statistical and score-based filters, any recorded SPF results in a message could have good effects. What needs to be determined is whether SPF results correlate in some way with how users treat messages independent of those results.

For the sake of "my name's not on someone else's mail", any mail rejected based on SPF failure is a good thing.

* If SPF turns out to have little or no useful effects, what should
we do next?


I don't have an answer here, but I do have some thoughts.

* If SPF turns out to have vast sweeping effects, what should we do
next?


Making it easier to accredit domains sounds like a good thing.

* Spammers will surely start circumventing SPF.  (Some already have.)
How can we tell how extensively that's happening?  What should we do
about it?

How many are circumventing it (and how?), and how many are complying with some sufficiently broad permitted range that it's ineffectual?

Philip Miller


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- [Asrg] Re: SPF monitoring
  - From: Jim Witte

References:
- [Asrg] (list-mom) Enough, already, on the wonders of SPF
  - From: John Levine

Prev by Date: [Asrg] (list-mom) Enough, already, on the wonders of SPF
Next by Date: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Previous by thread: [Asrg] (list-mom) Enough, already, on the wonders of SPF
Next by thread: [Asrg] Re: SPF monitoring
Index(es):
- Date
- Thread