wayne wrote:
The mailfrom proposal *never* had any serious technical
review.
What do you expect in less than one week from its publication
to the sudden death of MARID ? Based on protocol-03 it was a
good approximation of "classic SPF" (= draft-mengwong-spf-00).
And it reflected the scope idea. That was your proposal, in a
desperate attempt to get those [censored] in MARID to see the
light after wasting months with crap like XML-over-DNS, PRA,
SenderID, and IPR.
I, for one, never went over the marid-protocol and marid-pra
drafts with a fine toothed comb
Others did. Or started to do it, one week was a bit too short
for this procedure.
there were too many well know major problems with them that
made them unacceptable.
For mailfrom there weren't so many major problems. Your stuff
about the "validating evaluation" is nice but not absolutely
essential: Even without it it was clear that new mechanisms
won't work without a new version tag.
The FAIL stuff is just a bug, but no "major problem", it can be
fixed. Dito the macro-with-sp. The DDoS scenario is critical,
but obviously it's also possible to fix it in several ways.
For HELO there were many opinions (incl. some Nays), but minus
%{h} this is exactly one sentence in your text. Mark asked
several times what "we" want to do about this _option_ (that's
certainly not a "major problem")
the spf.pobox.com website says that the SPF-classic spec is
spf-draft-200406.
Fine, my pages use draft-mengwong-spf-00, and that's the same
in paginated RfC format with only one really minor difference.
And I also have protocol-03, mailfrom-00, lentczner-spf-00,
leibzon-submitter-00, kucherawy-auth-header-00, and a rather
old schlitt-marid-spf-from-hdr-00. Enough for my collection
of "canonical texts" before somebody starts to delete stuff.
MarkL asked what direction we should go, I said "go left"
and MarkL said "Ok, we're going right!".
He got more than your answer. The important thing from my POV
was to keep the improved syntax of protocol-03, and of course
the SPF RR for various reasons. As we have seen that's not
necessarily a contradiction, because I like most of your ideas.
But Mark got more answers than just two, and many asked for
"whatever you do, do it fast before [...]".
MarkL wasn't active in the SPF community during last winter,
he never saw the later SPF-classic drafts
Fine, maybe that explains something, and for me it would make
sense. I know nothing about what happened here before AOL's
experiment. But we all saw draft-mengwong-spf-00. For some
obscure reasons the "zone cut" idea wasn't implemeted at this
time, it wasn't explained in this draft, and the modifier
"match_subdomains" was only reserved for future use.
That is a _MAJOR_ problem, because the "solution" to publish a
sender policy for each and every host including all wildcards
is a PITA. Took me two months to find this problem and then
convince my ISP that he needs a "v=spf1 redirect=claranet.de"
for his vanity hosts (incl. me).
Shit happens, Murphy rulez, at least that was no M$ conspiracy.
Waiting for a draft-lyon-katz-spf-00 was really no option.
Fortunately, I don't see that draft. :-)
Maybe they submitted it directly to the RfC-editor as "FYI"
about a patented protocol. Just kidding, bye, Frank
P.S. just for fun: In a domain foo.bar.www.mail.host.example,
how do you determine the "zone cut" ? (Yes, you know it, and
I've now seen the answer, it's only a quiz for others here ;-)