Jim Lyon wrote:
In summary, the requirements that drove the
current design include:
1. It MUST be possible for organizations to publish email
policy records without installing any new software. (This
pushes us toward TXT records.)
Douglas Otis wrote:
There is an aspect of Jim's comment that
deserves clarification.
To the contrary, I don't think there is, as he specifically used the
word "publish"; Jim's text is perfectly clear to me. I'm not sure that I
parsed your reply correctly, but it appears that you are not making any
difference between "publish" and "implement", when they are the two
opposite ends.
"Publish": for your own domain(s), you add/configure the SPFID record(s)
in DNS.
"Implement": when the MTA that receives an email that _appears_ to be
coming from your domain, it queries DNS and checks the IP against the
record you published to find out if it's a joe-job or not, and possibly
reject if it is.
It is clear that implementing will indeed require new software. Our goal
is that everyone both implements and publishes, in the long run this is.
However, we should keep in mind that:
- Implementing is optional. It is up to the MTA's administrator to
decide if the benefits of implementation are worth the cost. Or job
indeed is to make it worth it, and part of what makes this decision is
the number of domains that have _already_ published (if nobody
publishes, implementing is useless). After all, if one is not bothered
by receiving joe-jobs, one does not see the need to implement. And since
SPFID does not solve the spam issue right now, one might consider
delaying implementation until it brings more to the table.
- Publishing is also optional. The IETF does not have the power to make
the diktat that, starting on a specific date, everyone MUST publish
(because we don't have an enforcement mechanism).
In other words: it would be nice if we could force everyone to publish,
but we can't. Although there are incentives to publish, the massive
adoption can occur only if publishing is fast, simple, easy, and free.
Therefore, we MUST comply to: either the requirement that Jim originally
wrote or the following one (which are the same written differently):
1. Organizations that wish to publish email policy records MUST NOT be
required to install or upgrade any software.
Michel.