MTA packagers please consider SPF

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Sun, 04 Jan 2004 14:32:44 -0500 (EST)
From: mengwong () dumbo pobox com (Meng Weng Wong)
Subject: MTA packagers please consider SPF
To: chip () perlsupport com
Cc: dave () farber net

SUMMARY

  This message goes to some of the maintainers of MTA packages for major
  Linux distributions.  I ask that they consider adding SPF support to
  their packages in helping to solve spam.  I founded pobox.com, which
  produced the MySQL extensions for Postfix.  I authored the SPF
  standard and am now trying to get it widely adopted.

PLUGINS

  Plugins for MTAs can be found at http://spf.pobox.com/downloads.html

ESSAY: SPAM IS LIKE SMALLPOX

They say the antispam industry will become a one billion dollar business
in 2004.  There are two responses to this observation.  The first, most
obvious response is: let's start an antispam company and try to capture
some market share!  The second response is: the antispam industry
*should* become a *zero* dollar business --- if we lived in a better
world.

There are more voices in the first camp than the second.

Spam as a technical problem is solved by SPF.  Spam is now only a
political problem: how to educate the masses, how to convince those who
need to be convinced, how to reach the tipping point.

In 1801 Edward Jenner proved cowpox-smallpox vaccination.  He wrote 'It
now becomes too manifest to admit of controversy, that the annihilation
of the Small Pox, the most dreadful scourge of the human species, must
be the final result of this practice.'

One hundred and fifty hears later, in 1959, the World Health
Organization called for global smallpox vaccination.  Mass vaccination
begain in 1966.  The last case was in 1977.

From start to finish it took humanity 176 years to solve the smallpox
problem, but the heavy lifting really only took about a tenth the time.
The WHO got the ball rolling in 1959.  Twenty years later it announced
smallpox was gone for good.

But what about before 1959?  What happened in that century and a half
from discovery to global implementation?

Did smallpox vaccination companies arise, get VC funding, go public?
Did their founders get rich and retire at 30?  Did industry analysts
predict that "in the coming year, X million people will die of smallpox"
and in the next breath say "in the coming year, the smallpox vaccination
industry will become an X million dollar business"?

How did the hypothetical founders of anti-smallpox companies react to
the WHO announcement?  With their families and employees already safely
vaccinated, they must have been dismayed to contemplate the destruction
of their entire business model.

The internet has no equivalent to the WHO; there is the IETF, and I am
dutifully following IETF process and expect to see an RFC number on the
SPF standard soon.  But more needs to be done: we need to convince the
authors and packagers of MTA software that they should include SPF with
their distributions (turned off by default for now); and domain owners
all over the world need to submit to the inconvenience of "vaccination"
which I have tried to make as painless as possible.

In the twentieth century 300 million people died of smallpox, and still
it took humanity 176 years to eradicate it.  I believe it is technically
possible to eradicate spam in 2004.  But there are obstacles: inertia,
laziness, and fear of change ("what about the infinitesimal chance that
the vaccine will kill me?")  And there are those with an interest in
seeing spam grow: legitimate businessmen whose livelihood would be
threatened.  Against these forces the Right Solution needs champions.

We already have a number of such champions: I estimate that 120,000
domains now publish SPF records, including dyndns and altavista;
SpamAssassin and other antispam products will check for them.
Opensource developers have independently written SPF plugins for
Postfix, Sendmail, and Exim.  And we have famous advocates like Eric
Raymond spending time and energy promoting the cause.  If our numbers
continue to grow, in the coming months SPF will cross the tipping point.
If it does, we can hope that in 2005 the antispam industry will be, in
fact, a zero-dollar business.

Now we need MTA distributions to include SPF.  SPF should be configured
turned off by default, but easily turned on; when it matures along the
RFC standards track, we can turn it on by default.

(This message may be read by a wide audience.  If you can help, please
see http://spf.pobox.com/ and join the mailing list by sending mail to
subscribe-spf-discuss () listbox com.)

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/