I vehemently object to standardizing fragmentation of e-mail via scope,
especially when one scope is proprietary one from an entity who in the past has
used monopoly leverage to "embrace and extend" as a means to convert de facto
standards into proprietary standards.
We will end up with a fragmented internet e-mail system separated into
proprietary (pra) and free software (mailfrom). I will never vote to give
ammunition to any attempt to fragment the fundamental protocols of the internet
into proprietary and free software camps. That is entirely against the spirit
of what has made the internet successful worldwide. Do we really need another
"browser wars" in e-mail?
Instead I support a single DNS record which can be used by either proprietary
(pra) or free software (mailfrom).
If Microsoft wants to use their leverage to popularize a DNS record which can
they can use in their proprietary software, which can also be used by free
software, then I would fully support that. This is quite different from giving
a vote of approval for Microsoft to use their leverage to "embrace and extend"
the core internet. Microsoft can freely use their leverage to create a
separate DNS scope without the endorsement of the community concensus, but we
must not encourage that by endorsing fragmentation as a standard.
Also there is no compelling technical advantage to a fragmented scope. The
fact is that per-domain anti-forgery will not stop all forms of phishing or
e-mail forgery, nor will it stop spam. For example, in pra, the Resent-Sender
could be not forged, but the From: header could be forged. In mailfrom, the
MAIL FROM: envelope could be not forged, but the From: header could be forged.
These proposals can help anti-spam as an added input data regarding the source
of an e-mail to feed into probability anti-spam analysis, as well perhaps
others will explore different UI approaches to presenting the datum. It will
require experimentation and new innovations in using this new data, so the
larger risk is on fragmenting who can use which data. IMO either proposal
might be quite effective at stopping phishing in some scenarios. But in no
case does this potential success justify fragmenting the core internet i the
process of trying to achieve some marginal improvement in e-mail source
authentication.
Additionally there are technical advantages to not polluting the DNS with
proliferation of "extend and embrace" wars on e-mail.
I completely agree that getting Microsoft and other corporate players on board
is very helpful, but not at the cost of the other future billions of internet
users who will probably use free software (third world countries for example,
such as the UN's recent efforts to increase penetration in Africa using free
software).
-Shelby Moore
http://AccuSpam.com