Wandering Thoughts archives


Why large ISPs like SPF (the cynical view)

One of the peculiarities of SPF and related schemes is that many large ISPs are quite enthusiastic about it, especially free webmail places like Hotmail, Yahoo, and Google Mail. However, this enthusiasm rarely extends to blocking incoming email that fails SPF checks, although they are happy to encourage you to use SPF on your own mail.

The cynical view of this is that ISPs love the idea of SPF because it gives them more control over their customers. With SPF, their customers are not only tied to the ISP for reading their email, they are tied to the ISP for sending email too. This suggests why the free webmail providers are so enthusiastic; all of them show ads on their websites, so the more they can force users to use those websites the more they profit.

This also may explain why people are enthusiastic about SPF variants like DomainKeys that validate the message headers, since it gives them even more control of what users can do. (For most users, what matters is not their envelope origin address but what From: header says.)

Sidebar: the less cynical view of DomainKeys

The less cynical view of why Google and Yahoo are behind signing the From: header instead of the envelope origin address is that they are smart enough to understand that in the real world, no one is using either SPF or DomainKeys to reject email in the MTA. If you're aiming at users instead of MTAs, the message headers are what really matters, and so authenticating them is the important thing.

(And you actually have a shot at persuading MUA authors to include optional DomainKeys checking, or writing plugins to do it for popular MUAs.)

spam/WhyISPsLikeSPF written at 23:02:40; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.