Do we have to go through this yet again?
The entire premise of spam filtering is that the recipient is not prepared to
deliver mail to a user's mail box unless the sender convinces the recipient of
their bona fides.
In this context whining on about the wishes of the sender is pointless. The
entire point is that the sender has no rights in this matter. The spammy sender
does not have the right to choose the spam elimination tools used by the
All SPF does, all it has ever done is to provide a way to specify that an
outgoing edge mail server is endorsed by a domain. All else is at the absolute
discretion of the recipient.
From: ietf-bounces(_at_)ietf(_dot_)org on behalf of Frank Ellermann
Sent: Wed 14/12/2005 9:06 PM
Subject: Re: Publication of draft-lyon-senderid-core-01 in conflict with
Douglas Otis wrote:
The "opt-out" of PRA is actually "opt-in" using the
"spf2.0/pra ?all" record.
No, the PRA spec. claims that you "SHOULD" get PRA for a pure
v=spf1 policy, and if you don't want PRA for whatever reasons
you have to "opt-out" from PRA with a dummy spf2.0/pra policy.
That's "opt-out" like the opt-out-doubleclick cookie, "don't-
call-me" lists, and similar schemes. Of course the SPF spec.
says that checking other mail identities (not limited to PRA)
against v=spf1 without the prior and explicit consent of the
v=spf1 publisher is NOT RECOMMENDED.
These concerns were expressed here:
It's almost a year older and also known as "Olson objection".
From my POV it was always obvious, I used a cute 2476 MSA with
"enforced submission rights" (6.1) and a Sympa mailing list in
2004, and both would result in PRA FAIL for legit mail from me
if checked against my v=spf1 policy (IIRC set up in May 2004).
Ietf mailing list
Ietf mailing list