This is the recent traffic on the #SPF-council IRC channel on irc.pobox.com. Anyone may join the channel, but only council members can talk.
If you do not have access to IRC, you may view the recent traffic at: http://www.schlitt.net/spf/spf-council/now/irc_log.html.
This log can be can be viewed at: http://www.schlitt.net/spf/spf-council/2005/02/10_1_irc_log.html.
IRC nicknames:
| csm | Chuck Mead |
| freeside | Meng Weng Wong |
| grumpy | Wayne Schlitt |
| Julian | Julian Mehnle |
| MarkK | Mark Kramer (asarian-host.net) |
| --- Thu Feb 10 01:07:32 UTC 2005 --- | ||
| 01:07 | <grumpy> | Hey freeside |
| 01:07 | <grumpy> | you still around? |
| 01:07 | <grumpy> | I'm thinking about the objection to the "HELO" |
| 01:08 | <grumpy> | is it possible that MS is objecting to the %{h} macro rather than the HELO checking? |
| 01:08 | <grumpy> | it was removed for MARID, but I put it back in because it has always been a part of spf-classic. |
| 01:09 | <grumpy> | besides, it took slightly fewer words to say "this is what %{h} does" than "%{h} used to be around, but is no longer and this is what you should do if you see it." |
| 01:30 | <Julian> | grumpy: Why would they object to the "h" macro in particular but not to HELO checking in general? |
| 01:38 | <grumpy> | I dunno, but they strongly objected to the h macro during MARID. |
| 01:39 | <grumpy> | something about it not being possible to get the HELO domain in the MUA. |
| 01:39 | <grumpy> | of course, you can get it from the Received: headers, if it is there. |
| 01:40 | <grumpy> | the Received: headers is also where you have to get the IP address, if it is there. |
| 01:41 | <Julian> | Right. |
| 01:42 | <csm> | SHITE! |
| 01:42 | <grumpy> | SUNNI! |
| 01:42 | <csm> | I give a diddly god damned about the MUA! |
| 01:42 | <grumpy> | Well, it isn't just the MUA. |
| 01:43 | <grumpy> | Spamassassin also has to dig through the Received: headers. |
| 01:43 | <csm> | but spamassasin isn't gonna care about HELO |
| 01:43 | <csm> | and besides |
| 01:43 | <grumpy> | Uh, yes the do |
| 01:43 | <csm> | HELO isn't anything the MUA gives a shit about |
| 01:43 | <grumpy> | they do SPF HELO checking. |
| 01:43 | <Julian> | SPF in SpamAssassin is bollocks. |
| 01:43 | <csm> | *WHY*! |
| 01:44 | <csm> | it is a god damned waste of time once the envelope is fricking gone |
| 01:44 | <csm> | I am getting pissed now |
| 01:44 | <Julian> | SPF is SMTP-time technology. SpamAssassin really isn't. |
| 01:44 | <csm> | and it's all post receipt processing anyway |
| 01:44 | <csm> | and *I* *DON'T* *DO* POST RECEIPT PROCESSING |
| 01:44 | <csm> | damned waste of MIPS |
| 01:45 | <csm> | REJECT... *DO* *NOT* BOUNCE |
| 01:45 | <csm> | damn |
| 01:45 | <csm> | bunch of know nothing egotists |
| 01:45 | <Julian> | So true. |
| 01:45 | <csm> | you know what their problem is? |
| 01:45 | <grumpy> | Well, I happen to like the SPF checking in SA. |
| 01:45 | <grumpy> | But then, I run SA at SMTP time via sa-exim |
| 01:45 | <Julian> | They're opportunists. They do what the user wants. |
| 01:45 | <grumpy> | works great |
| 01:45 | <csm> | they don't care about spam... they don't care about the virii their shitty acrhitecture allows... |
| 01:45 | <csm> | all they care about is that they see a way to make a buck! |
| 01:46 | <grumpy> | "they" == SA folks? |
| 01:46 | <Julian> | Even, they do what the user _thinks_ he wants. |
| 01:46 | <csm> | fixing this problem is *NOT* on their agenda! |
| 01:46 | <csm> | no M$ |
| 01:46 | <grumpy> | oh. |
| 01:46 | <Julian> | My "they" means the SA folks, yes. |
| 01:47 | <csm> | mine doesn't... I won't rant on them... |
| 01:47 | <grumpy> | Well, I disagree that fixing the spam problem is not on MS's agenda. it may not be high enough on the agenda through out the entire company, and they may be going about it the wrong way, but at least parts of MS want to solve the problem. |
| 01:48 | <grumpy> | For example, hotmail.com and msn.com would *really* like to see the spam problem go away. |
| 01:48 | <csm> | grumpy: if you care you do9 the right things |
| 01:48 | <csm> | caring means *DOING* |
| 01:48 | <csm> | and they ain't! |
| 01:48 | <grumpy> | big corps aren't monolithic. |
| 01:49 | <grumpy> | Often, one part doesn't know what another part is doing. |
| 01:49 | <csm> | dude... |
| 01:49 | <grumpy> | sometimes one part hates another part more than they hate the competition |
| 01:49 | <csm> | don't apologize to me for the behavior of that corporation... it ain't your fault |
| 01:49 | <csm> | yeah |
| 01:49 | <grumpy> | my point is that we need to help the parts of MS that *do* want to solve the spam problem and *are* trying to do something. |
| 01:50 | <grumpy> | at the same time, we should *not* help the parts that are hurting things. |
| 01:50 | <grumpy> | this isn't a black and white issue where all of MS is the same. |
| 01:50 | <csm> | well my point is... doing and worrying about MUA stuff isn't gonna do squat and that's been my objection to SID from day one |
| 01:51 | <Julian> | csm: Exactly. |
| 01:51 | <grumpy> | csm: ok. That's not my problem with SID |
| 01:51 | <grumpy> | Or, at least, that's not my main problem with it. |
| 01:51 | <grumpy> | I agree that SMTP time checks are far better than post-DATA checks |
| 01:52 | <grumpy> | but I support Spamassassin and other post-delivery spam filters using SPF. |
| 01:52 | <csm> | grumpy: sure... and I've got no problem with it... and I'll bet you that SA *LIKES us using HELO |
| 01:52 | <grumpy> | that is *still* blocking spam from the end user. It just doesn't help out the mail admin as much |
| 01:52 | <Julian> | Recognizing spam is just one half of solving the spam problem. Preventing it is the other half. MUA checking (like SpamAssassin) doesn't do the second half. |
| 01:53 | <grumpy> | csm: yes, they do. They strongly supported it when it was being discussed in 2003. |
| 01:53 | <csm> | cool... see... I have no issues with SA |
| 01:53 | <grumpy> | Julian: well, I agree that it is less effective, but blocking spam at the receiving MTA is also not optimal. |
| 01:53 | <grumpy> | we want to keep spam from ever being sent. |
| 01:53 | <Julian> | Yes. |
| 01:54 | <csm> | keeping spam from ever being sent == REJECT IMHO |
| 01:54 | <grumpy> | (and phishing, and bogus bounces, and lost email, and...) |
| 01:54 | <Julian> | You can't achieve that by only tagging or sorting spam client-side. |
| 01:54 | <Julian> | csm: Not only rejecting, also giving (bad) reputation, and law enforcement. |
| 01:55 | <Julian> | Spam is a social problem, too, not just a technical one. |
| 01:56 | <grumpy> | Anyway, my question to freeside was just about whether MS is objecting to HELO checking or the %{h} macro. It is *far* easier for the %{h} macro to be modified. |
| 01:56 | <grumpy> | MS can put something in their draft that says "ignore the %{h} macro". |
| 01:56 | <Julian> | Why the hell do we want to accommodate Microsoft without real reason? |
| 01:56 | <Julian> | I don't see the point. |
| 01:57 | <grumpy> | Well, yeah, I agree, but there *may* be a real reason of "the IETF listens to MS". |
| 01:57 | <Julian> | They shall give us technical reasons why HELO checking (or the "h" macro) is bad. Then we can discuss changing things. |
| 01:57 | <grumpy> | agreed. |
| 01:58 | <Julian> | If we have to do things because the IETF listens to MS for any non-technical reasons, IETF is corrupt and shall be ignored. |
| 01:58 | <Julian> | (I know this is a hardliner position.) |
| 01:59 | <grumpy> | the problem is that many other people *do* listen to the IETF. |
| 01:59 | <grumpy> | anyway, I was just trying to make sure freeside thought about the issue so that there *might* be less of a communication problem. |
| 02:00 | <Julian> | Ok. |
| 02:40 | <csm> | the ietf can listen to M$ all they want... but spf-classic is a stand alone item |