-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Not quoting as I couldn't find anything appropriate to quote. Read the
previous email in its entirety for context.

It makes me wonder whether we would really want to add complexity like the
above. I believe the K.I.S.S. (Keep It Simple, Stupid) applies here. Yes,
XML can handle it. So could any other way of serializing data structures,
however. SPF syntax could do it as well, as you have shown.

We already have serious problems trying to get HTML and CSS to behave the
same in both IE and Mozilla. I would hate for that to transfer into
something that should be simple. In the email world, it isn't X vs. Y. It's
A vs. B vs. ... Z. We have to make sure that every implementation behaves
in exactly the same way. There is no room for ambiguity or contradicting
results here. We can't get two web browsers to agree on a simple XML
document. How can we expect to get 30+ implementations to agree on a
different kind of XML? Extensibility is actually a bad thing, because we
can't extend the syntax without upgrading every implementation out there.

Let's return to the original intention. We want to establish authority for a
server to send email for a domain. That's it. We aren't going to be sending
emails for every email we receive for a domain; that doesn't scale, and you
get into a situation where you can actually start recursive mails. I know
that what you are describing is hypothetical, and I know that you would
propose ways to work around these problems. But the point is that anything
beyond establishing authority should be out-of-bounds and beyond the scope
of this group.

The original SPF syntax allows domain owners to express which servers are
allowed to send email beautifully. Sure, it can't express every situation
out there, but it expresses the vast majority of cases remarkably well. In
the cases where the SPF syntax doesn't do a good job of expressing which
servers are good or bad, the domain owners should probably find some way of
simplifying their setup. There are already mechanisms where you can have a
specific server calculate whether to deny or allow a server to send email
based on all the information that's available when that decision needs to
be made. What more can you possibly want, without leaving the area of
authentication?
- --
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFA0ILZBFeYcclU5Q0RAhdoAKCW4WZ/uNGRRtm/1thslhc3VltbeQCeJvRL
d9Df59W2slMcP64uDBaWTfI=
=jhOV
-----END PGP SIGNATURE-----