IETF Logo Mail Archive

Re: [dnsext] SPF, a cautionary tale

"Murray S. Kucherawy" <superuser@gmail.com> Mon, 06 May 2013 00:34 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E106E21F977E for <dnsext@ietfa.amsl.com>; Sun, 5 May 2013 17:34:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.442
X-Spam-Level:
X-Spam-Status: No, score=-2.442 tagged_above=-999 required=5 tests=[AWL=-0.158, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Li2uNo9Rddge for <dnsext@ietfa.amsl.com>; Sun, 5 May 2013 17:34:02 -0700 (PDT)
Received: from mail-we0-x22c.google.com (mail-we0-x22c.google.com [IPv6:2a00:1450:400c:c03::22c]) by ietfa.amsl.com (Postfix) with ESMTP id D6E0E21F977D for <dnsext@ietf.org>; Sun, 5 May 2013 17:34:01 -0700 (PDT)
Received: by mail-we0-f172.google.com with SMTP id s10so2639587wey.3 for <dnsext@ietf.org>; Sun, 05 May 2013 17:34:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=EGFfI+rCCiKoZvXoJPkluVXTtHNLIuktmNte7YPLTdk=; b=UY7IKNchCVuS1LFygYzw9ZDLGXiAxeyUvfpghITneJBBLZzDvQxLhmBznS4ieiaXMe OKC3eTIlNO0cP5NqF6jbO/aVuQfaTnCPko2gQHFW6CoBirpJ8i5S3zFrz9jzOTL92lDI cOgSO7W2k3iuHuZXfw6Hur2r3X2VrCc5d2Gvy7yNuxaTt9CXamJqeTVjW/23MRkmLaQH W5+Tlv8kxbSCjqAbHQnvrOti1j9sBxAPa8MpRddVuKk11i96KxCTT01gDSSCwtIKct2x hlMqGox3NxWw1siC1aIZjMCA/vbgr1bqDTF4MqBWjT1+gh2u3odExR1phdD2LStriJ3b ieIg==
MIME-Version: 1.0
X-Received: by 10.195.12.228 with SMTP id et4mr17917033wjd.59.1367800441011; Sun, 05 May 2013 17:34:01 -0700 (PDT)
Received: by 10.180.14.34 with HTTP; Sun, 5 May 2013 17:34:00 -0700 (PDT)
In-Reply-To: <51861e2f.62a3420a.11ed.ffffc5c1SMTPIN_ADDED_BROKEN@mx.google.com>
References: <8D23D4052ABE7A4490E77B1A012B63077516EA82@mbx-01.win.nominum.com> <20130503171843.39672.qmail@joyce.lan> <20130504133312.GA27772@vacation.karoshi.com.> <alpine.BSF.2.00.1305041103360.8602@joyce.lan> <20130505012216.GA29079@vacation.karoshi.com.> <alpine.BSF.2.00.1305042223280.10848@joyce.lan> <20130505032549.GA30757@vacation.karoshi.com.> <alpine.BSF.2.00.1305042327490.11044@joyce.lan> <51861e2f.62a3420a.11ed.ffffc5c1SMTPIN_ADDED_BROKEN@mx.google.com>
Date: Sun, 05 May 2013 17:34:00 -0700
Message-ID: <CAL0qLwY2t3Hgb85yOuqhNLRW5rcZkMt5dKNoWnLmSkKES391Ug@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: bmanning@vacation.karoshi.com
Content-Type: multipart/alternative; boundary="047d7bb04ad86914cc04dc01db9d"
Cc: "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] SPF, a cautionary tale
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 May 2013 00:34:03 -0000

On Sun, May 5, 2013 at 1:53 AM, <bmanning@vacation.karoshi.com> wrote:

> > If you're saying that the author of RFC 6686 is lying about the data he
> > presents, including 400,000 domains that publish TXT SPF records and the
> > few thousand that publish type 99, I'll pass the message along.
>
>         I'm saying that your claim of millions of messages is flawed.
>         No as to the claims for RFC 6686, I'll be happy to take those
> numbers
>         at face value. (but, yeah, pass my concerns along)
>         402,000 domains using SPF is barely statistically relevent,
> considering
>         there are over 350 million domains in existance.  just over 1%.
>

Isn't "domains that appear to be sending mail" a more useful universe from
which to sample than "registered domains"?

        apparently no one in the spfbis wg bothered to read
> http://tools.ietf.org/html/rfc5507
>         and there is no time limit to the choice of a good idea v. a bad
> idea.
>         a bad idea can and should be questioned at any time - there is no
>         "its too late" arguemnt that should hold, particularly when there
> is
>         roughly 1% penetration of the service against the number of
> existing domains.
>

I'm an existence proof that your claim is false.  I've read RFC5507 and I'm
familiar with its contents.  I've already said that, were we writing this
anew, I think we'd likely be taking a different path here, one that would
make the members of dnsext much happier.  But since the former is false,
and there's a substantial deployed base much of which is unlikely to change
its behaviour for various reasons, we have to look at this a different way.


>
> > Despite what the fantasists in dnsext imagine, there is no chance
> > whatsoever of getting those hundreds of thousands of existing mail
> systems
> > to change the way they publish and check SPF data, particularly a change
> > that has less than no operational benefit.  (Don't argue unless you know
> > more people who run large mail systems than I do, and I meet pretty much
> > all of them at MAAWG meetings.)  The only recent changes I can think of
> > are that Yahoo used to check both TXT and type 99 and now only checks
> TXT,
> > and Micsosoft mail properties including Hotmail gave up on Sender ID and
> > just check SPF.
>
>         my what a pessemistic/fatalistic attitude you have there.
>         and again with your unsupported assertions.
>

His pessimism is founded in reality.  I have similar contact with the same
people, and I reach the same conclusion.

-MSK

v2.23.0 | Report a Bug | By Email