Interesting People mailing list archives
MTA packagers please consider SPF
From: Dave Farber <dave () farber net>
Date: Sun, 04 Jan 2004 14:44:20 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Sun, 04 Jan 2004 14:32:44 -0500 (EST) From: mengwong () dumbo pobox com (Meng Weng Wong) Subject: MTA packagers please consider SPF To: chip () perlsupport com Cc: dave () farber net SUMMARY This message goes to some of the maintainers of MTA packages for major Linux distributions. I ask that they consider adding SPF support to their packages in helping to solve spam. I founded pobox.com, which produced the MySQL extensions for Postfix. I authored the SPF standard and am now trying to get it widely adopted. PLUGINS Plugins for MTAs can be found at http://spf.pobox.com/downloads.html ESSAY: SPAM IS LIKE SMALLPOX They say the antispam industry will become a one billion dollar business in 2004. There are two responses to this observation. The first, most obvious response is: let's start an antispam company and try to capture some market share! The second response is: the antispam industry *should* become a *zero* dollar business --- if we lived in a better world. There are more voices in the first camp than the second. Spam as a technical problem is solved by SPF. Spam is now only a political problem: how to educate the masses, how to convince those who need to be convinced, how to reach the tipping point. In 1801 Edward Jenner proved cowpox-smallpox vaccination. He wrote 'It now becomes too manifest to admit of controversy, that the annihilation of the Small Pox, the most dreadful scourge of the human species, must be the final result of this practice.' One hundred and fifty hears later, in 1959, the World Health Organization called for global smallpox vaccination. Mass vaccination begain in 1966. The last case was in 1977. From start to finish it took humanity 176 years to solve the smallpox problem, but the heavy lifting really only took about a tenth the time. The WHO got the ball rolling in 1959. Twenty years later it announced smallpox was gone for good. But what about before 1959? What happened in that century and a half from discovery to global implementation? Did smallpox vaccination companies arise, get VC funding, go public? Did their founders get rich and retire at 30? Did industry analysts predict that "in the coming year, X million people will die of smallpox" and in the next breath say "in the coming year, the smallpox vaccination industry will become an X million dollar business"? How did the hypothetical founders of anti-smallpox companies react to the WHO announcement? With their families and employees already safely vaccinated, they must have been dismayed to contemplate the destruction of their entire business model. The internet has no equivalent to the WHO; there is the IETF, and I am dutifully following IETF process and expect to see an RFC number on the SPF standard soon. But more needs to be done: we need to convince the authors and packagers of MTA software that they should include SPF with their distributions (turned off by default for now); and domain owners all over the world need to submit to the inconvenience of "vaccination" which I have tried to make as painless as possible. In the twentieth century 300 million people died of smallpox, and still it took humanity 176 years to eradicate it. I believe it is technically possible to eradicate spam in 2004. But there are obstacles: inertia, laziness, and fear of change ("what about the infinitesimal chance that the vaccine will kill me?") And there are those with an interest in seeing spam grow: legitimate businessmen whose livelihood would be threatened. Against these forces the Right Solution needs champions. We already have a number of such champions: I estimate that 120,000 domains now publish SPF records, including dyndns and altavista; SpamAssassin and other antispam products will check for them. Opensource developers have independently written SPF plugins for Postfix, Sendmail, and Exim. And we have famous advocates like Eric Raymond spending time and energy promoting the cause. If our numbers continue to grow, in the coming months SPF will cross the tipping point. If it does, we can hope that in 2005 the antispam industry will be, in fact, a zero-dollar business. Now we need MTA distributions to include SPF. SPF should be configured turned off by default, but easily turned on; when it matures along the RFC standards track, we can turn it on by default. (This message may be read by a wide audience. If you can help, please see http://spf.pobox.com/ and join the mailing list by sending mail to subscribe-spf-discuss () listbox com.) ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- MTA packagers please consider SPF Dave Farber (Jan 04)
- <Possible follow-ups>
- MTA packagers please consider SPF Dave Farber (Jan 05)