rough consensus. However, the long standing IETF mantra has, to the
best of my knowledge, been "rough consensus *AND* working code". What
we lack with most proposals is working code.
I think implementations are a good thing, a very good thing.
However, RFC 2026 mentions that to get a Proposed Standard RFC
implementations are not required (though they are encouraged).
We really do need working code. Publishing records is fine, but until
people start running a lot of mail through MARID authentication
checkers, we won't know whether it really scales or how easy it is for
bad guys to circumvent. This doesn't mean that you have to use it for
live spam filtering (you'd be nuts to bounce mail that failed SPF, for
example) but at least log it and count what you find.
I know there's open source code for domain keys coming shortly. What's
available for SPF, Caller ID, and the merged thing?
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
http://www.taugh.com