I appreciate your taking the time to confirm and in some
cases clarify my understandings.
One follow-up question. You wrote:
> What is controversial is that we find ourselves
> complicating the task of publishing MARID-appropriate DNS
> records (which is quite contrary to the original aim of
If we accept the position of separate DNS records for each
protocol, can you elaborate on the controversy as you see
I am not wanting to put you on the spot. So let me outline
the situation as I see it and then perhaps you could
provide corrections, comments and so forth.
Prior to the present draft of the Marid protocol,
marid-appropriate DNS records were published using v=spf1 in the
DNS IN TXT file.
(My apologies if I have not stated this correctly.)
A receiving MTA could either with or without Submitter:
* Use these DNS records to run an SPF check, although not
specified in the Marid core protocol;
* If a negative result was returned, reject the message and
send a rejection notice in accordance with the SPF protocol;
This could be done at the DATA stage, so arguably saving
* If a pass or neutral result was returned, proceed to
'swallow' the message and run a Marid core check.
This gave the receiving MTA the benefit of SPF, along with
Under the present draft of the Marid protocol,
marid-appropriate DNS records should be published using
v=spf2.0/pra in the DNS RR type SPF2 file, although the
protocol does allow for TXT type records in the SPF2 file.
However, by changing the version string, although the
receiving MTA may decide to extract the domain in SMTP mail
from and run a check against the SPF record in the DNS IN
TXT file, if the domain has not published an SPF record,
because it is not required:
* Have we lost the potential optimization which was
* Does the optimization suggested by Chris in his note to
Margaret, based on his offline discussion with Mark fully
replace this earlier optimization?
(There is a bad pun in there, but I'll skip it.)
It seems it could, but only if the domain extracted from
the SMTP mail from is the same as the purported responsible
domain as identified in the marid-appropriate DNS records?
Is this the controversy you speak about, or is it something
I apologize if my questions are putting anyone on the spot.
I simply want to ensure the understandings are clear, so
that receivers can optimize their results and prudent
senders can accommodate this objective.
I appreciate your taking time to respond.
The FTC Calls For Sender Authentication
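
The two-stage receiving flow described in the message above, as an added example that is not part of the original message or of any MARID draft. It assumes a much-simplified record evaluator (only `ip4:` and `all`), constructed sample records, hypothetical function names and stage labels, and that the purported responsible domain has already been extracted from the accepted message.

```python
import ipaddress

# Constructed sample zone data (domain -> TXT strings); not real records.
DNS = {
    "both.example": ["v=spf1 ip4:192.0.2.0/24 -all",
                     "v=spf2.0/pra ip4:192.0.2.0/24 -all"],
    "praonly.example": ["v=spf2.0/pra ip4:198.51.100.0/24 -all"],
}

def find_record(domain, version):
    """Return the terms of the record whose first token is exactly `version`."""
    for txt in DNS.get(domain, []):
        tokens = txt.split()
        if tokens and tokens[0].lower() == version:
            return tokens[1:]
    return None  # nothing published under this version string

def evaluate(terms, client_ip):
    """Simplified evaluation (assumption): ip4: and all, with +, -, ~, ? qualifiers."""
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:]):
            return results[qualifier]
        if mech == "all":
            return results[qualifier]
    return "neutral"

def receive(client_ip, mail_from_domain, pra_domain):
    """Return (stage, decision): early v=spf1 check, then the v=spf2.0/pra check."""
    spf1 = find_record(mail_from_domain, "v=spf1")
    if spf1 is not None and evaluate(spf1, client_ip) == "fail":
        return ("before-body", "reject")   # message is never swallowed
    pra = find_record(pra_domain, "v=spf2.0/pra")
    if pra is None:
        return ("after-body", "no-record")
    verdict = evaluate(pra, client_ip)
    return ("after-body", "reject" if verdict == "fail" else "accept")

if __name__ == "__main__":
    # Same unauthorized client; only the published version strings differ.
    print(receive("203.0.113.5", "both.example", "both.example"))
    print(receive("203.0.113.5", "praonly.example", "praonly.example"))
```

With the same unauthorized client address, the domain that publishes a v=spf1 record is refused before the body is accepted, while the domain that publishes only v=spf2.0/pra is refused only after it.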