SPF sucks

Hans Fugal hans at fugal.net
Wed Jul 4 15:52:47 MDT 2007


How much money has been wasted in the fight against spam? If we had had
the foresight to get it right in the first place (whatever that may have
been/be) how much (1) cost and (2) results and (3) happy customers would
we have today? Never understimate doing it right.

As for SPF, it's not only an imperfect solution (which would be benign),
it's broken and breaks things *for other people*. The responsible thing
is to not use it.

On Thu, 28 Jun 2007 at 10:45 -0600, Steven Alligood wrote:
> ok, I agree that simply because something is easy versus the hard way is 
> not a reason for implementation or not.
> 
> I also agree that something that is completely broken should not be used 
> in place of not having the function.
> 
> But I believe that the world in general does not care if something is 
> kind of broken or what is the "right" way of doing things.  They care 
> about (1) cost, (2) results and (3) make customers happy.  In that 
> order.  Doing something "right" is about 235 in the list, right after 
> (234) call mom on her birthday.
> 
> Things get implemented because there is a need and the cost is less than 
> ignoring the need.
> 
> SPF is a very good solution following those rules.  It is cheap, easy to 
> implement, and does about 75% of it's goal.  It also tells your 
> customers that you care and are trying to do something about their problem.
> 
> It is here to stay until something better can be done that is as easy to 
> implement.
> 
> It's not "right".  It just is.
> 
> -Steve
> 
> Levi Pearson wrote:
> >Steven Alligood <steve at bluehost.com> writes:
> >
> >  
> >>Before you can convincingly argue against SPF, you need to come up
> >>with something that works better and is still as easy to implement.
> >>    
> >
> >I'm not sure why it's necessary to come up with something better
> >before criticizing what exists.  Broken things are broken regardless
> >of whether something better currently exists.  There are, in fact,
> >reasonable arguments against using most broken things even when there
> >are no better alternatives.  Those arguments won't always win in every
> >situation, but that doesn't make them unworthy of consideration.
> >
> >Finally, ease of implementation is NO EXCUSE for brokenness.  If X is
> >broken but easy to implement, and Y is not broken but difficult to
> >implement, then the existence of Y does not preclude arguments against
> >X simply because Y is hard.  Sometimes the right solution IS hard.
> >
> >                --Levi
> >
> >/*
> >PLUG: http://plug.org, #utah on irc.freenode.net
> >Unsubscribe: http://plug.org/mailman/options/plug
> >Don't fear the penguin.
> >*/
> >  
> 



> 
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */

-- 
Hans Fugal ; http://hans.fugal.net
 
There's nothing remarkable about it. All one has to do is hit the 
right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20070704/2820536e/attachment.bin 


More information about the PLUG mailing list