On Mon, 22 Jan 2007, Alex van den Bogaerdt wrote:
On Sun, Jan 21, 2007 at 09:16:35PM -0500, Stuart D. Gathman wrote:
We are only certifying the SPF result.
I disagree. We certify what the application claims to be the SPF result.
Well, OK. But we have no tools for doing that at the moment.
So I guess you are saying we should put off certifying anything until
we have some way of checking the entire application. I suppose we
could require source code and have some approved programmer make
a professional judgement. But the nice thing about certifying just
the SPF library is that the process is largely automated and objective -
even if the scope is limited.
Here is an idea - maybe we can't practically test ahead of time for
mislabelling non-SPF results as SPF. But we *can* state in the rules that any
product caught doing so will immediately have its certification withdrawn,
and have some onerous process to get recertified.
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
please go to http://v2.listbox.com/member/?list_id=735