Le mardi 3 Août 2004 23:19, Douglas Otis a écrit :
These records could be something like:
"Marid_1 rf=*.big.isp.com, *.ads-r-us.com;"
About CSV, I have taken a quick look at the drafs (sorry, I haven't had the
time to read them thoroughly), and I have a question, and a remark :
- Question : SPF currently has the extremely useful and flexible "exists"
mechanism, that, combined with its built-in macro-expansion, allows for
designing very fine-grained and flexible exceptions to the general SPF rule
for a given domain, i.e. per user and subnet.
Let's say big-company.com has an SPF record listing their main outgoing mail
servers, they can easily include supplementary records that would list
field-people posting from a given ISP server, or a local office people using
their own local SMTP server, etc.
This can be most useful in a number of situations.
Does CSV have provisions for such a mechanism, or an equivalent ?
Now for the remark : I am strongly opposing to the idea of would-become-
mandatory "accreditation services".
I'm opposing to it both for philosophical reasons, and practical reasons.
First, "accreditation services" will turn into businesses, which will
translate into cost, which means that every domain that will want to send
mail out will have to support this new cost : having to pay a commercial
"accreditation" company to get listed there, if they want their mail to be
accepted.
This will introduce costs that many non-profit, personal or vany domains will
not be able to afford, and I oppose the idea that anybody should have to pay
a commercial company for being allowed to send mail.
The advantage of current blacklist systems is that no one has to pay for
getting blacklisted ;-) and, if some blacklists are commercial, such as MAPS,
you need to pay to use and query them, not to be listed in them or not...
Also, big companies that send large amounts of email will be well-know and
listed by most, if not all, accreditation services, where little domains,
small businesses and individuals that send a very small amout of mail will
mostly be "unknown" everywhere, and the acceptance of their mail might suffer
from this.
IMHO, one should be deemed innocent until proved guilty, and the
"accreditation services" system turn the things upside-down : One will be
presumed guilty unless listed as innocent. Bad, bad, bad.
The advantage of blacklists, on the opposite, is that, if ever you get listed,
there is probably a reason, and if you're not listed you're presumed
innocent. Much better.
Comments ?
--
Michel Bouissou <michel(_at_)bouissou(_dot_)net> OpenPGP ID 0xDDE8AC6E