fyi;
There is a new I-D for the SPF email anti-forgery system available for
review. This draft tries to document the current practices of the
~1,000,000[1] published SPF records and ~10,000[1] deployed SPF
systems that are checking 20-100million emails per day.
See: http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-01.txt
Discussions about this, and previous, drafts have been taking place on
the spf-discuss(_at_)v2(_dot_)listbox(_dot_)com mailing list. To subscribe or
read
the archives, see http://spf.pobox.com/mailinglist.html
While I have been reading this mailing list for many months and will
note any comments posted here, sending email to the spf-discuss list
or to me personally is probably better than flooding this list.
I realize that the whole subject of SPF (and similar systems) has a
certain amount of controversy to it, but for the purposes of this
draft, I am very reluctant to try debate these issues. The goal is to
document a de-facto standard. Debates about better techniques, why
SPF is evil, etc. are probably best discussed on things like the IRTF
ASRG list, SPAM-L, the NANAE newsgroup, or on spf-discuss on a
separate thread/subject.
While SPF mostly deals with the [2]821 SMTP level, there are some
[2]822 issues, in particular, the Received-SPF header. To be quite
honest, this header has kind of been neglected and could use more
refinement than most other parts of the draft. One thing I just
tracked down (after this I-D was already submitted) was that I don't
specify a CRLF at the end of the header. Ooops.
My intention is that after a two week review, I will make a "final"
revised draft and ask the IESG to consider it for a Proposed Standard
status.
-wayne
[1] These numbers are estimates as of earlier this year. They were
pretty solid back then, and have probably grown since. I have data
to back them up and they are almost certainly underestimating the real
numbers.