nanog mailing list archives

Re: soBGP deployment


From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Tue, 24 May 2005 08:28:24 +0530


On 5/24/05, Brad Knowles <brad () stop mail-abuse org> wrote:
        If you're talking about users, then all you have to do is
implement SPF at a few large sites like AOL, where they don't support
forwarding and therefore they don't care if they break forwarding,
where they want to force everyone to use their outbound mail relay
servers anyway, etc....  Do that, and you've got a "majority".

Two levels of SPF:

1. Publishing conservative enough SPF records to do the least damage
but look good (~all or ?all instead of -all) - every man and his dog
(e&oe people like us who have removed all our SPF records) does that
these days after AOL announced they'd use published SPF records to
maintain their whitelist and feedback loop.

2. Rewriting return paths using SRS/SES for forwarded mail, and
checking + rejecting based on SPF failures.

SRS (see http://www.circleid.com/article.php?id=1039_0_1_0_C/ for more)

        If you're talking about mail systems, it's a whole different
picture.  Setting up TLSSMTP or SMTPAUTH is non-trivial, even for
experienced admins.  Indeed, many experienced admins may own their
own domains, but not run their own machines.  Even if the server side
is capable of supporting TLSSMTP and/or SMTPAUTH, they may well be
using clients which are not capable of doing so, or not capable of
doing so interoperably with the server side.  Much, much more
difficult to get large numbers of installations.


        Penetration of SPF is pretty low, and it's likely to stay that
way for the foreseeable future.  The problems with SPF are pretty
basic, and I don't see them being eliminated any time soon with a
casual wave of your royal hand.

                       This obsession with perfection will (as usual) result
 in exactly no progress. Folks need to be willing to get 70% of the benefit
 for 10% of the effort.

        And if twelve people told you that you'd have to implement twelve
different incompatible systems, and each of them would give you a
different 70% of the benefit for 10% of the effort (but only if they
were the only solution implemented), what would you do?

        The IETF has taught us that multiple incompatible partial
solutions is not a particularly desirable outcome.  That way lies
madness.

--
Brad Knowles, <brad () stop mail-abuse org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.



-- 
Suresh Ramasubramanian (ops.lists () gmail com)
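The two SPF levels Suresh lists (the -all versus ~all/?all qualifiers, and SRS rewriting of the return path so that a forwarder's hop passes the check) as an added, runnable illustration; this is not code from the thread or from any SRS implementation. The SPF records, addresses and secret are constructed, and check_spf deliberately handles only ip4 and all mechanisms.

```python
import base64, hashlib, hmac, ipaddress, time

# Constructed sample "DNS" (not from the thread). The qualifiers are the ones the
# post contrasts: -all rejects forwarded mail outright, ~all and ?all are the soft forms.
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.0/24 ~all",
    "fwd.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def check_spf(sender_domain, client_ip):
    """Evaluate ip4 mechanisms and the trailing 'all' of a v=spf1 record.
    Deliberately a subset: no include/a/mx/redirect, no DNS lookups."""
    record = SPF_RECORDS.get(sender_domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def _srs_hash(secret, *fields):
    # First 4 base64 chars of HMAC-SHA1 over the lower-cased fields (libsrs2-style).
    mac = hmac.new(secret, "".join(fields).lower().encode(), hashlib.sha1).digest()
    return base64.b64encode(mac)[:4].decode()

def srs_forward(return_path, forwarder, secret, now=None):
    """Rewrite the envelope sender to SRS0=HHHH=TT=orig-domain=orig-local@forwarder,
    so the next hop checks SPF against the forwarder's domain, not the origin's."""
    local, domain = return_path.rsplit("@", 1)
    days = int((time.time() if now is None else now) // 86400)
    ts = B32[(days >> 5) & 31] + B32[days & 31]          # two-char day stamp
    return f"SRS0={_srs_hash(secret, ts, domain, local)}={ts}={domain}={local}@{forwarder}"

def srs_reverse(address, secret):
    """Undo the rewrite on a bounce; a forged or altered SRS0 address fails the hash check."""
    local, _ = address.rsplit("@", 1)
    tag, h, ts, domain, orig_local = local.split("=", 4)
    if tag != "SRS0" or not hmac.compare_digest(h, _srs_hash(secret, ts, domain, orig_local)):
        raise ValueError("SRS hash mismatch")
    return f"{orig_local}@{domain}"
```

Run the forwarded hop twice: once with the original example.org return path from the forwarder's IP (hard fail under -all) and once after srs_forward (pass against fwd.example), then srs_reverse the bounce address to see it route back to the original sender.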

