Slashdot Mirror
Debian Project Rejects Sender-ID
NW writes "Following on the heels of Apache Foundation taking a stance against Sender-ID, the Debian Project announced today their rejection of Sender-ID as well."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
Although I hope you're correct, it's incredibly naive to believe so.
The truth is, proprietary 'standards' are all over the place. They are especially effective when directly-marketed to consumers, cutting out all the middle-men who might say "whoah there, that isn't a good deal" and replacing them with glossy print ads full of half-truths.
And, let's face it, Windows itself is the greatest direct-marketing tool ever created. I'm not looking forward to the direction this is going.
"I assumed blithely that there were no elves out there in the darkness"
Everybody here is no doubt familiar with the "unofficial standard" that is Microsoft Word: meaning, they have been sent Word documents or asked to send documents in Word format as if everybody used Word. Microsoft has ensured that the clueless masses default to Word's format as an Internet standard (or as an example of "best practices" -- to use the latest buzzword).
You can find examples of this in business, education, and government.
It's possible that we're going to see e-mail "evolve" in the same way. Ninety percent of e-mail flying around the Internet will use the new Sender ID standard; those not using it will seem odd and likely be forced to use it more often than not in their various business dealings.
quiquid id est, timeo puellas et oscula dantes.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
Perhaps there will be no adoption of sender-id; perhaps an open solution will prevail. The reason the internet works as well as it does is open standards. Perhaps these companies that are trying to encumber "standards" are slowly learning that they will not gain the acceptance of their "standards" and will have to compete on the merit of implementations of open standards rather than locking people into a "standard". This is just the newest version of proprietary file formats; unfortunately it is the only way Microsoft knows to compete anymore. Rather than compete on a level playing field, Microsoft wants to lock you into their new "standard" rather than compete on the merits of their products.
Beware of he who would deny you access to information, for in his heart he dreams himself your master.
It's sad, but it seems that taking sometimes the most primitive steps to help secure one's mail server is over the heads of mail administrators. Even worse, the amount of resistance to having an MTA have proper reverse is incredible.
A short time ago the company I worked for started refusing inbound connections from MTA's that didn't have proper reverse DNS. By proper reverse dns I mean as per RFC 1912 section 2.1 . While the word must isn't used in the RFC, the word should is used, and the RFC even states "For every IP address, there should be a matching PTR record in the in-addr.arpa domain........Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all."
Imagine when I had to explain what proper reverse DNS was to an MCI "internet engineer" (That was the title in his e-mail). Imagine my suprise at the number of complaints generated - and even greater suprise that people simply REFUSED to fix their problem. Instead, bowing to our own customer pressure, we stopped enforcing the checks. We again became part of the problem, instead of part of the solution.
We did this because we saw lots of spam that came from MTA's with no reverse. Even more telling we found lots of spam that used "spoofed" reverse dns. I.E. the reverse had a pointer to some host like mx4.hotmail.com, when no forward with that IP existed. This is most common from spammers coming out of eastern Europe, and some out of china. By refusing to accept mail from these we lowered the amount of delivered SPAM.
Supposedly, AOL, Road Runner, and AT&T require reverse dns. In actuality they don't. If the community is truly serious about fighting spam then they would follow their own policies, and they would help. If AOL and hotmail alone required valid everse DNS the rest of the world would follow suit in short order. By not enforceing their own published rules, very large providers are part of the problem, and their laziness continues to perpetuate the problem.
Considering their inability to enforce something as simple and as easy as rdns (RFC 1912 published 1996) I see no hope for caller ID, or SPF records. They all sound like great standards - but we can't even enforce the standards we have had for almost 10 years.
Debian is correct to reject the "caller-id" feature. Not for any copyright reason, but because it won't work in the current environment with so many lazy administrators, and the only adoption being the spammers themselves.
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
It is very likely that Sun, IBM and RedHat will reject Sender-ID as well. Here is a very interesting read on News Forge
This is my sig. There are thousands more, but this one is mine.
We are also concerned that no company should be permitted intellectual property rights (IPR) over core Internet infrastructure.
Seems obvious to me. Why isn't it obvious to the IETF?
Debian again: We believe the IETF needs to revamp its IPR policies to ensure that the core Internet infrastructure remain unencumbered.Right on.
A company like Microsoft has no respect for the rights of others, no respect for ethics, no respect for the ideals of the people who built the Internet infrastructure for our benefit. I agree with Debian that no company should be permitted IP rights over core Internet infrastructure. But especially not a predatory company like Microsoft.
(emphasis added)