ietf-mxcomp

Re: clarification on consensus call for compromise

2004-09-10 14:54:01

There has been quite a bit of discussion here about either removing scopes or allowing some sort of universal or wildcard scope.

I would not support such a concept because it lessens the strength of what a domain is saying by publishing records. In particular, if a domain were to publish (making up a syntax...):

        example.com. IN A SPF2 "spf2.0/* +mx +a -all"

We have to wonder what this record says. It authorizes a set of hosts to use the domain "example.com" as part of which identities in mail? All of them? Including identities that we haven't named a scope for yet?

I certainly wouldn't publish such a record for my domain, as I don't know what I'm making such an assertion about. While I might be willing to believe that the "+mx" and "+a" directives are going to be reasonable for any such identity (after all, they reference machines I presumably have control of), I can't make such a statement about "-all". I don't know that there might be some notion of identity, as yet undefined, for which I'd need to include other hosts.

While other site owners might be willing to take such risks and publish such records, the ability to do so lessens the effectiveness for the whole scheme. If domains are able to make claims like "We didn't know about that identity check when we published "spf2.0/*" - you can't ding our reputation based on that check." or " - you can't reject mail that doesn't pass", it means that the whole scheme is diminished.

In short, when we say "domains authorized the use of identity X by publishing an SPF record" we do so because we are going to hold them accountable if the authorization passes, and reject if it fails. And for those actions to have any force, the declaration of authorization has to be incontestable.

        - Mark

Mark Lentczner
http://www.ozonehouse.com/mark/
markl(_at_)glyphic(_dot_)com

