[mail-vet-discuss] Draft as of 9/4/2007
Michael Thomas
mike at mtcc.com
Sun Oct 14 10:26:54 PDT 2007
John L wrote:
>> Surely you're not advocating a MUST NOT strip, or even a SHOULD NOT
>> strip. The third parties can sign after all and then you'd just trust
>> them directly.
>
> Why, yes indeed, I'm advocating SHOULD NOT strip. Surely you haven't
> forgotten that this is supposed to work with SPF and Sender-ID, where
> forwarders can't sign without munging the message. Even if the
> forwarders do sign, that doesn't tell us anything about the status of
> the message when it arrived at the forwarder which is useful for spam
> forensics.
>
Frankly I don't much care because on average I have no clue whether I trust
where it's coming from. And if I trust where it's coming from, I
probably trust
them to filter out the nonsense too, so it seems rather pointless.
>
>> Trying to expect unauthenticated cross administrative good bits to
>> remain good is pretty crazy if you ask me.
>
> There are cases where they do and cases where they don't, and it's not
> hard to recognize the ones where they do. Personally, I think it's
> crazy to break a useful application because a sufficiently inept user
> might misuse it. If we're going down that path, I have a whole lot
> more deletions to make.
The sufficiently inept users outnumber us millions to one.
Mike
More information about the mail-vet-discuss
mailing list