nanog mailing list archives
Re: soBGP deployment
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Tue, 24 May 2005 08:28:24 +0530
On 5/24/05, Brad Knowles <brad () stop mail-abuse org> wrote:
If you're talking about users, then all you have to do is implement SPF at a few large sites like AOL, where they don't support forwarding and therefore they don't care if they break forwarding, where they want to force everyone to use their outbound mail relay servers anyway, etc.... Do that, and you've got a "majority".
Two levels of SPF - 1. publishing conservative enough spf records to do the least damage but look good (~all or ?all instead of -all) - every man and his dog (e&oe people like us who have removed all our spf records) does that these days after AOL announced they'd use published spf records to maintain their whitelist and feedback loop 2. Rewriting return paths using SRS/SES for forwarded mail, and checking + rejecting based on spf failures srs (http://www.circleid.com/article.php?id=1039_0_1_0_C/ for more)
If you're talking about mail systems, it's a whole different picture. Setting up TLSSMTP or SMTPAUTH is non-trivial, even for experienced admins. Indeed, many experienced admins may own their own domains, but not run their own machines. Even if the server side is capable of supporting TLSSMTP and/or SMTPAUTH, they may well be using clients which are not capable of doing so, or not capable of doing so interoperably with the server side. Much, much more difficult to get large numbers of installations. Penetration of SPF is pretty low, and it's likely to stay that way for the foreseeable future. The problems with SPF are pretty basic, and I don't see them being eliminated any time soon with a casual wave of your royal hand.This obsession with perfection will (as usual) result in exactly no progress. Folks need to be willing to get 70% of the benefit for 10% of the effort.And if twelve people told you that you'd have to implement twelve different incompatible systems, and each of them would give you a different 70% of the benefit for 10% of the effort (but only if they were the only solution implemented), what would you do? The IETF has taught us that multiple incompatible partial solutions is not a particularly desirable outcome. That way lies madness. -- Brad Knowles, <brad () stop mail-abuse org> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info.
-- Suresh Ramasubramanian (ops.lists () gmail com)
Current thread:
- Re: soBGP deployment, (continued)
- Re: soBGP deployment Michael . Dillon (May 23)
- Re: soBGP deployment william(at)elan.net (May 23)
- Re: soBGP deployment bmanning (May 23)
- Re: soBGP deployment Daniel Golding (May 23)
- Re: soBGP deployment Jeroen Massar (May 23)
- Re: soBGP deployment bmanning (May 23)
- Re: soBGP deployment Edward Lewis (May 23)
- Re: soBGP deployment Daniel Golding (May 23)
- Re: soBGP deployment Valdis . Kletnieks (May 23)
- Re: soBGP deployment Brad Knowles (May 23)
- Message not available
- Re: soBGP deployment Suresh Ramasubramanian (May 23)
- Re: soBGP deployment Michael . Dillon (May 24)
- Re: soBGP deployment Geoff Huston (May 23)
- Re: soBGP deployment Russ White (May 23)
- Re: soBGP deployment Tony Li (May 23)
- Re: soBGP deployment Alexei Roudnev (May 24)
- Re: soBGP deployment Randy Bush (May 23)
- Re: soBGP deployment bmanning (May 23)
- Re: soBGP deployment Tony Li (May 23)
- the problems being solved -- or not Pekka Savola (May 24)
- Re: the problems being solved -- or not Russ White (May 24)