Date: Tue, 13 Jan 2004 22:56:29 +1100 From: Chris Drake To: spf-discuss@v2.listbox.com Subject: [spf-discuss] Lawsuits, angry business users, and SPF stupidity. Hi, I hate spam, but just like 99% of all other business email users, I can *never* afford to loose even as much as *one* email - EVER. I strongly object to you guys forcing my ISP to trash my incoming email without my permission. I VERY strongly object to you guys forcing my recipients ISP to trash my incoming emails without my permission. What advice are you giving to people implementing SPF as to their legal risk when they trash legitimate customer emails? In case you didn't already know - it's also a criminal offence in most countries to intercept emails. What legal advice are you giving to ISPs about their criminal risk? As publishers of software and standards which perform criminal+illegal activities, and immoral purpose (erasing emails without sender or recipient consent), what do you believe your own legal risk to be? Finally, I run a (pay only, non-spam) personal remailler service which legitimately maintains the real senders address (and due to MDN/DSN standards, must maintain it in the envelope as well as other areas). You SPF idea has the potential to (A) Destroy my legitimate business, along with everyone else who operates anything similar, and (B) Puts me at legal risk due to my customer emails not reaching their intended recipients due to your SPF foolishness. Should I ever get sued, I will be forced to try and recover costs from someplace - either the recipient ISP, or the SPF software authors (the latter being the most likely, since the ISP will hide behind that excuse or risk criminal prosecution as well). And while I'm on the topic - what is the point of SPF??? - connecting to the senders MX server and VRFY: or RCPT TO: should solve most problems, and if you want to implement sender authentication, a new SMTP request could be written, like "SPAM?: " when the senders MX server verifies whether or not that sender recently sent any email to that recipient. TaDa - all problems solved, and no collateral damage. Of course - the best idea is a digital signature system built into clients with revocation for spammers - but I notice that you carefully avoid mentioning anything that has the prospect of working better than SPF in your links. Tch tch tch. What the internet REALLY needs is an "I am not a spammer" system so that me and the businesses I correspond with can buy a 100% guarantee that our email will never be trashed by the crazy anti-spam rules that you and everyone else is busy dreaming up all the time (and yeah - with revocation so spammers can't abuse it). Kind Regards, Chris Drake ------- Sender Permitted From: http://spf.pobox.com/ Archives at http://archives.listbox.com/spf-discuss/current/ Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss@v2.listbox.com