--"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:
I still fail to see how the identities matter.
All we are doing here is listing the IP addresses of our outgoing
mail servers.
I can be absolutely certain that is all we are doing since that is
all that we will be telling the network admins to do.
I agree with Phill here.
The forwarding problem means that we can only ever validate the last
link in the chain and that as a result it is only ever possible
to know with certainty that a message is genuine, it is not possible
using the information from Sender-ID ALONE to know that a message is
defnitively fake if it purports to be forwarded.
Agreed. The message should be shown as "from the forwarder" because that
is the only step we are able to verify by IP. (If the receiver is not
using a forwarding service, he will probably see the actual sender's
verification, in which case LMAP has done its job and all is well.)
In the future, if MARID is a success, I can see *maybe* applying a
whitelist of trusted forwarders, and if the forwarder (or list robot) is
trusted, using the previous-hop info that they recorded. But, this is a
long-term stretch goal. MARID-brand LMAP has value in/of itself even if we
never take this second step.
I think that what we should be doing at this point is discussing
how to express the set of IP addresses. That is the part that has
the impact on what other people do.
The main complaint I and many others have of SPF is that it has
much too much flexibility. Even if you accept the need for
factored records, the macro language is far more powerful than
is necessary for that purpose.
Yes, this is a frequent complaint, though I think each of the macros are
there because someone came up for a reasonable explanation why they might
be needed (maybe for logging or creating bounce-explanation messages and
not for actual delivery).
Would you like to take a stab at naming some macros to be dropped? (And
yes, it's a serious suggestion; I'm not trying to be facetious or anything
:)
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>