Re: [Asrg] Re: SPF abused by spammers

Markus Stumpf <maex-lists-spam-ietf-asrg@Space.Net> Fri, 10 September 2004 15:41 UTC

Date: Fri, 10 Sep 2004 17:14:02 +0200
From: Markus Stumpf <maex-lists-spam-ietf-asrg@Space.Net>
To: Frank Ellermann <nobody@xyzzy.claranet.de>
Subject: Re: [Asrg] Re: SPF abused by spammers

Hoi Frank,

On Fri, Sep 10, 2004 at 04:05:47PM +0200, Frank Ellermann wrote:
> > Microsoft claims IPR (which they did even before the group
> > was chartered, btw, but everyone ignored it).
> 
> Not really,  May 20: draft-atkinson-callerid-00 published.
> May 21: ASRG co-chair resigns.  May 22: IPR complaint filed.

I have a PDF document from Microsoft which is named
"callerid_license.pdf" and is dated "Published: February 20, 2004".
It starts with:
------------------------------------------------------------------------
    Caller ID for E-mail Implementation License

    This document is intended to expand upon the rights that Microsoft
    grants to certain individuals and organizations interested in developing
    and implementing software programs having one or more aspects conformant
    to the Caller ID for E-mail Specification (the "Specification") by
    providing a patent license to the Specification. Copies of the
    technical specifications for the Caller ID for E-mail Specification,
    which include an associated copyright notice and license, can be found at
    http://www.microsoft.com/mscorp/twc/privacy/spam_callerID.mspx.

    Please read this entire document carefully to understand your rights.

    Patent License
    Microsoft believes that it has patent rights (patent(s) and/or pending
    applications(s)) that are necessary for you to license in order to
    make, sell, or distribute software programs that comply with one or
    more aspects of the Caller ID for E-mail Specification.
    [ ... ]
------------------------------------------------------------------------
So it was clear from the beginning that every derivative work that relates
to Caller ID will have an IPR problem and that Microsoft will file a
complaint. Many people stated it, it should be in the archives, but
it was deliberately ignored.

> Sure, there's nothing wrong with spf2.0/mailfrom as long as
> you don't confuse it with the FUSSP.  In theory spf2.0/pra
> could also make sense if they fix their "patented" algorithm
> to read four mail headers for some common cases.

SPF will not solve "the spam problem" and it will not solve "the
phishing problem". It will *try* to solve the problem with domain
forgery and while trying it breaks the whole existing Internet mail
infrastructure by requiring something like half-baked SRS.

> > We still don't have "the anti spam solution", but hey,
> > who cares or realizes this.
> 
> I care.  Back to zero bounces / out-of-office / vacation /
> challenges / broken NDRs / Symantec announcing its ignorance
> to the e-mail world at large / etc. per day as it was in 2003.

In which way does SPF protect you from
   out-of-office / vacation / challenges?

> > everyone always says "this is the way to go", so nobody
> > asks where the way will really lead to.
> 
> Again not really.  I still like your MTAMARK idea, and it's
> also very interesting to watch SURBL.  And even C/R systems
> could work in combination with a spf2.0/mailfrom PASS.

Maybe I should have been clearer and written:
   > everyone always says "this is the way to go", so journalists don't
   > ask where the way will really lead to.
because they still are under the assumption "MARID will solve the spam
problem". I fully understand they must be disappointed to read the
CipherTrust report.

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
