ietf-dkim

Re: [ietf-dkim] use cases for wildcard policy assertions

2008-04-08 22:48:33
On Tue, 2008-04-08 at 18:50 -0400, J D Falk wrote:

> Or there will be paranoid admins who would want to state "we don't send
> any mail at all from *, unless I state otherwise in a more-specific
> record."  In other words, they'd be trying to change the default state
> from "unknown" to "discardable."  Some of my personal domains would
> benefit from this; they're the ones where I currently have "v=spf1 -all"
> records.

This strikes me as a particularly interesting one. It's not pure paranoia
so much as fail-safe / default-access-denied thinking (not that this is
access-control per se).

Setting aside questions of whether consensus has already been reached,
and the painful technical details of trying to deal with hierarchies of
names rather than exact matches with individual domain names, it strikes me
that any reasonable "outsider" will look at a spec that doesn't allow
him to specify in one step (rather than hopefully-correctly attached to
every single zone entry now and through all future changes) "Acme Corp's
email is ALL signed, or it's not ours" and wonder what the spec authors
were thinking.

- Roland

-- 
Roland Turner | Product Manager, RealMail | BoxSentry Pte Ltd
3 Phillip Street, #13-03 Commerce Point, Singapore 048693
Mob: +65 96700022 | Skype: roland.turner | Fax. +65 65365463
roland(_dot_)turner(_at_)boxsentry(_dot_)com | www.boxsentry.com

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html