jonagard at amazon
Jun 11, 2004, 11:22 AM
Post #3 of 4
-----BEGIN PGP SIGNED MESSAGE-----
Re: [spf-discuss] AOL to ESPs: Comply with SPF, Or Else
[In reply to]
Keep in mind that I am just trying to advocate this so that we get the issue
fully explored. Maybe you are right: Publishing an article in the trade
press is the best and only way of giving notice.
On Friday 11 June 2004 10:25 am, Alan Hodgson wrote:
> On Fri, Jun 11, 2004 at 09:59:43AM -0700, Jonathan Gardner wrote:
> > I know it isn't exactly the best idea, but how else are we supposed to
> > post a formal notice to everyone who owns a domain and sends and
> > receives email? Which website does everyone who own a domain frequent?
> > Which newspaper or magazine do they read?
> They don't. And you won't be able to let them know.
> If you wish to spend money on TV or magazine advertising to try, that
> would be your right, though.
> > If the postmaster account isn't used for this, then what is it used
> > for?
I ask again: What is the postmaster account used for, if not for email
issues with a particular domain? Are we supposed to never send any email to
any postmaster ever because it may be considered spam?
> > Sure, it may be unsolicited, but unsolicited in the same way that a
> > subpeona or a legal notice is unsolicited.
> > It is hardly spam in the UCE sense.
> Unfortunately it is exactly spam in the UCE sense. Your message is no
> more or less important in the grand scheme of things than anyone else's,
> and no more worthy of cost-shifting receipt. It took me a while to learn
> that lesson, but learn it I have.
How is sending a notice of SPF compliance deadline UCE? (UCE = Unsolicited
COMMERCIAL Email) We aren't asking for money. We aren't forming a pyramid
scheme. We aren't asking them to login to their eBay account to update
And is a notice to another company that we aren't going to accept their
email any longer unless they make some changes unsolicited? Isn't that what
the postmaster account is for? Don't we have almost a legal liability to
notify people that we are going to drop their email?
> > I am open to other suggestions. I would rather people had previous
> > notice that their emails will be ignored rather than silently dropping
> > millions of emails without giving due notice.
> Eventually, bouncing E-mail due to lack of SPF records (or too lenient
> SPF records), will be the only way to force adoption. You won't be able
> to do that for years, though, if ever.
> Things on the Internet don't change overnight. This isn't 1994.
I believe you are wrong. We can have SPF fully deployed by September 22. We
have come this far in a relatively short period of time. There is a great
need for SPF, and people will adopt it. Look around - many major internet
participants have fully endorsed SPF. These are the early adopters. How
many more are merely waiting for some more evidence or a push in the right
If AOL is going to bounce emails by the end of the summer, then a
significant portion of email is going to get bounced or a significant
number of domains are going to publish SPF.
> > The only other alternative is to send a message to postmasters who
> > don't publish SPF when you receive a message from them. It will be
> > important that it gets sent only once, however. In that sense, you
> > would be informing them, "Hey, I accepted your email this time. Come
> > September 22, if you don't publish SPF, I won't accept it."
> No, you could tell your correspondents that though. Spamming postmasters
> will never make you friends or help the adoption of SPF.
Neither will suddenly dropping someone's email with no notification.
I see two situations:
(1) We send notifications to postmaster@. Many people are upset. We get a
news article published about how SPF group is engaging in the exact
behavior we want to prevent. We get added to SpamCop and some other
people's blacklist. Slashdot runs an article, "Is the solution worse than
the cure?" However, everyone and their grandmother knows of the deadline
and what they must do. When they send an email, and it gets dropped, they
go "Oh, it must be because we didn't publish SPF records."
(2) We publish a few articles in the US and Europe. Japan, Korea, and China
are largely left out of the loop. We only get the attention of a fraction
of email participants. When the flag day passes, massive amounts of email
get dropped. The poor email administrators don't even know that their email
is getting dropped for days or even weeks. When they do a thorough
investigaton, they finally get a response: We are dropping your email
because you aren't publishing SPF records. Well what good does that do them
now? They've lost several days of emails and they've never been notified of
it in the first place! But we wrote articles in magazines and emailing
lists and internet sites, wasn't that enough? Well how are they supposed to
read the articles if they are written in English or French or German and
they speak Korean?
So the thing is, we can either anger them before or after the flag day. I
think angering them before the flag day will do a lot more good than
angering them after the flag day.
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard [at] amazon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP SIGNATURE-----
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2