Hi Dave (and everyone else!),

Friday, June 11, 2004, 5:02:14 AM, you wrote:
[snip...]
DW> I left the confirmation on initially just to see what happens and
DW> emailed a post to my blog. I waited and waited and waited for the
DW> confirmation, nothing. Weird... Check the mail server, no backlog.
DW> Happen to look at my incoming spam folder, and what do you know,
DW> blogware is forging a domain it does not own or host and has never been
DW> authorized to send from, and as a result my mail server flagged it as spam.

We should try and get some perspective here. Blogware *was* given
authorization to send mail as "From: you@yourname.com" as this is
controlled within your own blogware account settings which *you*
manage: Settings-->Article Notifications

--- NOTE: ---------------------------------------------
A) You do not have to allow for article notifications... this is a
knob.
B) You get to control which address is used for the outbound email.
---- End Note ------------------------------------------

If you enforce SPF with your spam filters, one would typically think
that you would be careful with what services or locations you use
when mail can be sent as "From: you". Granted, you may not have
looked across the entire area of settings or known what every bit
means. But your "blast" was harsh enough for one to assume that
since you expect so much from the developers and are ready to hammer
on them, you might have done some homework first.

It might make sense for blogware to allow for you to choose an
"@blogware.com" account for your source email and it is something
that should be considered, no doubt. A [civil] note to this end
would start the ball rolling as much as a judgmental one though
civility is so much easier on the ego.

DW> Well isn't that fancy. In today's world even big slow moving behind the
DW> times .COMs like eBay are in the process of fixing their systems so that
DW> they don't forge sender email addresses, so I find it rather astounding
DW> that OpenSRS found a developer clueless enough to create a system that
DW> forges sender information.
DW> </rant>
DW> I'm sorry if this seems offensive, but frankly, somebody needs a smack
DW> upside the head.

The term "forge" in this context can be quite deceiving because it
is in common use in the 'email' world even when it does not meet the
traditional definition of the term, in every other context. But it
is what it is and it *is* in use WRT 'email', albeit in a different
standard context. So you can call a header field "forged" and NOT
have it be a bad thing when traditionally "forged" means something
bad. "Forged" From: fields are not always bad, despite what the
label might imply. Don't believe me? Ask the author of Postfix, one
of the most pervasive SMTP servers in use today. Ask him about SPF
too and you may change your filtering mechanism.

Back to the point. If you read RFC 822 and specifically section
4.4.1 (http://www.faqs.org/rfcs/rfc822.html), you'll note that
*intention* is critical. A snippet:

    This field contains the identity of the person(s) who wished
    this message to be sent. The message-creation process should
    default this field to be a single, authenticated machine
    address, indicating the AGENT (person, system or process)
    entering the message. If this is not done, the "Sender" field
    MUST be present. If the "From" field IS defaulted this way,
    the "Sender" field is optional and is redundant with the
    "From" field. In all cases, addresses in the "From" field
    must be machine-usable (addr-specs) and may not contain named
    lists (groups).

If you read it carefully, you'll see that blogware is meeting the
proper criteria, on your behalf. And again, you don't have to enable
this. If SPF (or Yahoo!'s implementation, etc) ever gets legs,
perhaps blogware needs to provide more information to you so that you
can make the proper allotments in DNS or whatever. But to call it
outright bad and use the strong language that you have used assumes
that everyone subscribes to *your* method of filtering. If eBay is
going a particular route it does not become synonymous with the
*correct* way of doing things, as most of us know by now.

Dave, I've been on this list for a long time and I generally love
your contributions. In this case it seems to me that you slammed
folks for not following your [email filtering methodology] faith
and that is out of character for you.

I'm sure that blogware can be optimized to meet today's growing needs
of its resellers but tossing around judgements instead of asking for
more functionality and providing solutions makes the whole process
take longer and is subject to the notion of, "you catch more flies
with sugar than with vinegar".

In the end, I get corrected by or informed by people all the time so
I am way open (California style, "way") to feedback on my comments
and welcome any corrections.

Thanks,
-tom
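
The From/Sender rule quoted from RFC 822 section 4.4.1 above can be checked mechanically. The following is an added example, not part of the original message and not blogware's code; the `classify` function, its result labels and the `.example` addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def domain(addr):
    """Return the lower-cased domain part of an addr-spec."""
    return addr.rpartition("@")[2].lower()


def classify(raw, agent_domain):
    """Apply the RFC 822 section 4.4.1 From/Sender rule to one message.

    agent_domain: domain of the system that entered the message. How the
    caller learns it (for example, from an authenticated submission
    session) is an assumption outside this example.
    """
    msg = message_from_string(raw)
    authors = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    sender = parseaddr(msg.get("Sender", ""))[1]
    agent_domain = agent_domain.lower()
    if not authors:
        return "no-from"
    if len(authors) == 1 and domain(authors[0]) == agent_domain:
        return "from-is-agent"      # Sender is optional and redundant
    if not sender:
        return "sender-missing"     # From names someone else, agent unidentified
    if domain(sender) == agent_domain:
        return "on-behalf-of"       # From = author, Sender = agent
    return "sender-mismatch"        # Sender present but not the expected agent


# Constructed sample messages; all addresses and domains are placeholders.
ON_BEHALF = ("From: You <you@yourname.example>\n"
             "Sender: notify@blog.example\n"
             "Subject: New article\n\nbody\n")
NO_SENDER = ("From: You <you@yourname.example>\n"
             "Subject: New article\n\nbody\n")
DIRECT = ("From: notify@blog.example\n"
          "Subject: New article\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("ON_BEHALF", ON_BEHALF), ("NO_SENDER", NO_SENDER),
                      ("DIRECT", DIRECT)]:
        print(name, classify(raw, "blog.example"))
```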