I'm, by and large, with Frank. We need to get the existing v=SPF1
documented in an experimental RFC and then move on to whatever comes next.
I do think that some added cautions wrt DNS loading and security risks may
be in order. I'm thinking that one over.
I wouldn't slow down the progress on the SPF standard, but be prepared to
make some changes to the parts relating to inter-operability.
But the current RFC effort is meant to describe the CURRENT practice. I
really think that for v=SPF1 we need to limit ourselves to codifying what's
in place. I wouldn't propose any changes to the current spec that directly
affect processing or creation of records.
Amen to this! Please, let's get a standard describing the status quo
out the door. In this, I agree with Frank and Scott 100%.
-- George Mitchell