Mailing List Archive

Stuart D. Gathman wrote on Saturday, March 17, 2007 7:23 AM -0600:

> On Fri, 16 Mar 2007, Seth Goodman wrote:
>
> > Since large systems are unlikely to whitelist forwarders per user,
> > and global forwarder whitelisting means too much additional spam,
> > the recommended best practice is not realistic for large systems.
>
> Large systems that I am familiar with (e.g. spamsoap.com) *already*
> whitelist senders per user. The only change required is to
> flag some senders as forwarders and apply the "pretend" sender rule.

Most systems have to whitelist some senders, and some do so per user,
but I'm unaware of any large systems that whitelist forwarders per user.
In most cases of sender whitelisting per user, this happens
automatically when the user sends mail to a destination mailbox, so the
user's own forwarders are never listed. Compiling and maintaining a
forwarder whitelist per user is not the trivial exercise you suggest, it
is a major adoption hurdle. Forwarding will not go away because it is
technically flawed, and large services are not going to sign up for
something that their users perceive as annoying and involves significant
ongoing maintenance.

I still believe that the best practice recommendation for large systems
is unrealistic.

--
Seth Goodman

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735

On Sat, 24 Mar 2007, Seth Goodman wrote:

> I still believe that the best practice recommendation for large systems
> is unrealistic.

You might be right. In that case, alias forwarders will continue to function
as open spam relays, and we'll all switch to Jabber.

--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735

Stuart D. Gathman wrote on Saturday, March 24, 2007 6:03 PM -0600:

> On Sat, 24 Mar 2007, Seth Goodman wrote:
>
> > I still believe that the best practice recommendation for large
> > systems is unrealistic.
>
> You might be right. In that case, alias forwarders will continue
> to function as open spam relays, and we'll all switch to Jabber.

I assume you mean that as humor. Seriously, we'd all be better off
if alias forwarding were handled differently, but it is what it is
and it's not going away. We can all agree that the notion of
sending a DSN after successful delivery by SMTP to the designated
mailbox is broken on the face of it.

As to whether alias forwarding creates an open relay, it does
create a relay, though it only redirects to where the account owner
tells it. Therefore, it's of no more use to spammers than any
other delivery address, unlike a real open relay.

Jabber and similar IM protocols may one day supplant SMTP. Until
that happens, we are stuck with alias forwarding. Ignoring this
reality, or declaring that alias forwarding is broken so we need
not provide a palatable workaround, hurts SPF while having no
impact on alias forwarding.

--
Seth Goodman

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735