On Tue, 2004-07-20 at 09:36, Margaret Olson wrote:
Evaluating the PRA based on records published for SPF-classic is not
valid. SPF-classic publication is itself a non-representative
subsection of the net, and on top of that SPF classic records are not
Sender ID records - the semantics are different - so "pass" and "fail"
does not mean anything.
Actually, this is exactly what SenderID proposal is based on -- the
assumption is that published SPF records will be effective when used
against the PRA. The proposal depends on this, so it's good that it's
actually getting tested.
I see PRA as a first step of possibly several in our quest to determine
what identity to check. Eventually, if Submitter becomes widely used,
we will reach a point where SUBMITTER is either there, or we fall back
to MAIL FROM, and then we will be close to where SPF Classic would be if
we had continued down the SRS path.