ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SPF "accredit" modifier

2004-04-27 07:36:48
from [Meng Weng Wong] [Permanent Link] 

On Tue, Apr 27, 2004 at 06:51:23AM -0700, Hallam-Baker, Phillip wrote:
| 
| Accreditation is out of scope here, but MARID is a component of a 
| spam solution not a complete solution in itself. 
| 
| Today       MARID + Spam filter   = improved spam situation
| Future      MARID + Accreditation = The end of spam
| 

On that note, I would like to announce that the SPF draft has added an
accreditation modifier.  It should be sufficient for linking to
accreditation services.  The deliverability industry has responded well
to this proposed addition.  Comments and criticism welcome.

5.3 accredit: Sender Accreditation

      accreditation = 'accredit' '=' domain-spec

   The argument to the accreditation modifier is a domain-spec to be
   macro-expanded and queried.  The result of the query is interpreted
   according to the definitions set forth by the accreditation service.

   For example,

      accredit=%{d}.accreditation-provider.example.com
      accredit=%{ir}.accreditation-provider.example.com

   This facility allows the publishing domain to make independently
   verifiable assertions about itself in machine-readable form.

   Multiple "accredit" modifiers may appear in one SPF record.

   The "accredit" modifier is OPTIONAL.  SPF publishers MAY omit it.
   SPF clients MAY ignore any or all "accredit" modifiers.  If a
   receiver does not recognize the domain-spec argument, it MAY ignore
   the modifier.

   It is expected that SPF-enabled receivers will maintain a library of
   recognized accreditation providers, keyed by the domain-spec.  An
   accreditation provider is responsible for describing the protocol
   it uses to encode assertions.  For example, suppose an accreditation
   provider supports DNS "A" queries against the expanded domain-spec.
   Suppose a result of NXDOMAIN means "domain is not known to the
   accreditation service."  Suppose a result of "127.0.0.10" means "the
   accreditation service vouches for the integrity of the sender
   domain."  Accreditation providers can make up any protocol they like
   as long as they can convince receivers to use it.

   Accreditation is only meaningful if the result of the SPF query is a
   PASS.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Can you ever reject mail based on RFC2821 MAIL FROM?, Hallam-Baker, Phillip
Next by Date:  Re: Can you ever reject mail based on RFC2821 MAIL FROM?, Matt Sergeant
Previous by Thread:  On a related note - Service Liability, Hector Santos
Next by Thread:  Re: SPF "accredit" modifier (shame!), Matthew Elvey
Indexes:  [Date] [Thread] [Top] [All Lists]