On Sep 8, 2004, at 5:06 PM, wayne wrote:
Publishing SPF records with PRA information has never been a problem
for me (and I think for most others).
The problem is the PRA can not be implemented in most F/OSS MTAs and
spam filters.
Is this a double standard? You do not wish to be restricted by the
encumbrances of another's license yet you wish to restrict others to
the encumbrances of your software license.
This compromise gives those unwilling to accept the license for PRA the
ability to check MAIL FROM while allowing those willing to accept the
license for PRA the ability to check the PRA. However, everybody can
publish both.
The PRA is an 2822 identity, which does not cover the
same problem space as the 2821.MAILFROM. The suggestion of using
2821.MAILFROM to get around the SenderID patent mess is like
suggesting using DES to get around the RSA patent mess. Yeah, they
vaguely cover the same general area, but really, they are quite
different.
Just because an identity appears in the same RFC does not mean it has
any better relationship for sender authentication. Certainly
2821.MAILFROM and 2822.From are more closely correlated than 2822.From
and 2822.Cc.
If you could come up with a proposal that has broad consensus that
covers the 2822 identities, I could see letting both that proposal and
the PRA going forward. However, I don't see any such proposal.
The syntax does account for future scopes. However, if we cannot
advance the two scopes the people on this list have said they would be
willing to deploy and instead wait around for the definition of a third
scope then where do we stop, on the tenth defined scope?
-andy