On Thu, 26 May 2005, Tony Finch wrote:
I wish there was a way to utilize the relatively large number of SPF records
in a technology like CSV.
It seemed to me at one point that there was some promise that it would be
possible to write an SPF record which applied only to HELO or only to PRA
or only to the return path. However divergent SPF/SenderID implementations
and specifications have horribly muddied the waters and I'm not sure it's
possible to do this now and expect any kind of reliable interoperability.
Disaster.
At the end of MARID we started on the path towards unified spf and
multiple scopes. I'd not have been surprised if HELO was next scope
introduced and while I recognize contributions made by CSV people and
hard work they have put in their documents, a common syntax is better
for all and in the end, I believe their work would have been adoptable
as "restricted profile" SPF record (using "a" in place of SRV) as
documentation for HELO scope.
IESG did not do us (I mean everyone who is interest in better email
anti-spoofing and security technologies) any favors by closing down
MARID when we finally started getting somewhere even if we were behind
on the deadline, other WGs are years behind in their work and do not
get disbanded (or need I mention USEFOR perhaps...)
And not that it matters, but AOL did not help either by agreeing to
support SID with use of spf1 only records (which brought political crisis
and strong unhappiness in spf community and stalled further work on
unified spf) - instead you should have pushed for quickly having rfc
(even if its not 100% perfect) that documents current spf1 with all
further work continuing on "spf2" with more comprehensive per-scope
documentation and usage guidelines.
Oh well, enough of history... Lets hope we can salvage at least some of
what we had worked for in the future even if it will not happen quickly.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net