Re: A new SMTP "3821" [Re: FTC stuff...........]

[David Woodhouse <dwmw2@xxxxxxxxxxxxx>]

On Mon, 2004-12-06 at 13:11 -0500, Alan DeKok wrote:
>   You're assuming that messages go from source to destination in one
> hop.  While this is nice, the current design allows a message to
> traverse multiple independent hops, all the while using the same "MAIL
> FROM".  This has a serious impact on the "blowback" problem, and any
> possible solution.

I'm not assuming that. I'm saying that SPF doesn't make the problem any
worse than _other_ schemes will, if they cause the ultimate recipient to
reject mail which the {backup MX, relay, forwarder} does not reject.

SPF and SenderID have many flaws. This one isn't specific to SPF and
SenderID.

>   Yes, but sharing live information about all of your users with a
> backup MX is difficult to do in practice. 

That may be your experience; it's not mine.

>   If nothing else, the spammers are offloading some of their work onto
> the backup MX, and using it to attack the primary.  This attack has
> serious consequences for the robustness of the email transport layer.

Even to the extent that's true, it's not specific to SPF.

-- 
dwmw2