ietf-mxcomp

Re: clarification on consensus call for compromise

2004-09-10 16:57:38


The algorithm has to take that into account, else the algorithm is not going to be 
popular.

There seems to be a big disconnect here between reality.  None of the proposals 
can specify with 100% certainty what will happen with the published data.  For 
example, with the record below, what happens when a forwarder does not use SRS 
or SUBMITTER?

All the algorithms used have to take this fuzziness into account.


If so, I would agree: I am against wildcard scopes. I would also say that
I'm for at least one universal/mandatory scope.

This is impossible and/or unrealistic.

For example, what are you going to mandate about the reality of incomplete 
adoption of a forwarding solution for MAILFROM?




At 02:53 PM 9/10/2004 -0700, you wrote:

There has been quite a bit of discussion here about either removing 
scopes or allowing some sort of universal or wildcard scope.

I would not support such a concept because it lessens the strength of 
what a domain is saying by publishing records.  In particular, if a 
domain were to publish (making up a syntax...):

      example.com. IN A SPF2 "spf2.0/* +mx +a -all"

We have to wonder what this record says.  It authorizes a set of hosts 
to use the domain "example.com" as part of which identities in mail?  
All of them?  Including identities that we haven't named a scope for 
yet?

I certainly wouldn't publish such a record for my domain, as I don't 
know what I'm making such an assertion about.  While I might be willing 
to believe that the "+mx" and "+a" directives are going to be 
reasonable for any such identity (after all, the reference machines I 
presumably have control of), I can't make such a statement about 
"-all".  I don't know that there might be some notion of identity, as 
yet undefined, for which I'd need to include other hosts.

While other site owners might be willing to take such risks and publish 
such records, the ability to do so lessens the effectiveness for the 
whole scheme.  If domains are able to make claims like "We didn't know 
about that identity check when we published "spf2.0/*" - you can't ding 
our reputation based on that check." or " - you can't reject mail that 
doesn't pass", it means that the whole scheme is diminished.

In short, when we say "domains authorized the use of identity X by 
publishing an SPF record" we do so because we are going to hold them 
accountable if the authorization passes, and reject if it fails.  And 
for those actions to have any force, the declaration of authorization 
has to be incontestable.

      - Mark

Mark Lentczner
http://www.ozonehouse.com/mark/
markl(_at_)glyphic(_dot_)com
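To make the disagreement concrete, here is a small evaluator that shows what a receiver does with an explicitly scoped record versus the hypothetical wildcard record in Mark's message. This is an added example written for this archive page, not code from the thread, the MARID drafts, or any SPF/Sender ID implementation. The "spf2.0/*" syntax is the made-up one from the post; the "mfrom"/"pra" scope names, the "newscope" identity, the IP addresses and the MX/A host sets are constructed sample data. The mechanism handling is reduced to "mx", "a" and "all" with literal host sets, which is enough to show the point: an explicit record returns no result for an identity it never named, while the wildcard record returns "fail" for that same unnamed identity, which is exactly the assertion Mark says he would not be willing to make.

```python
"""Scope matching for spf2.0-style records: explicit scopes vs. a wildcard scope.

Added example for the archived thread; not code from the MARID drafts or any
SPF/Sender ID library.  All records, scope names and addresses are constructed.
"""
import re

# Constructed sample records for example.com.  The "spf2.0/*" form is the
# made-up wildcard syntax from Mark's message; "mfrom,pra" lists scopes explicitly.
RECORDS = {
    "explicit": "spf2.0/mfrom,pra +mx +a -all",
    "wildcard": "spf2.0/* +mx +a -all",
}

# Constructed DNS data standing in for example.com's MX hosts and A record.
MX_HOSTS = {"192.0.2.10", "192.0.2.11"}
A_HOSTS = {"192.0.2.1"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_record(record):
    """Split 'spf2.0/<scopes> <mechanisms>' into (set_of_scopes, list_of_mechanisms)."""
    m = re.match(r"spf2\.0/(\S+)\s+(.*)$", record)
    if not m:
        raise ValueError(f"not an spf2.0 record: {record!r}")
    scopes = set(m.group(1).split(","))
    mechanisms = m.group(2).split()
    return scopes, mechanisms


def record_applies(scopes, identity_scope):
    """A record speaks to an identity if it names that scope or (hypothetically) uses '*'."""
    return "*" in scopes or identity_scope in scopes


def evaluate(record, identity_scope, client_ip):
    """Return 'none' when the record says nothing about this identity, otherwise
    the result of the first matching mechanism ('pass', 'fail', ...)."""
    scopes, mechanisms = parse_record(record)
    if not record_applies(scopes, identity_scope):
        return "none"
    for mech in mechanisms:
        qualifier = mech[0] if mech[0] in QUALIFIERS else "+"
        name = mech.lstrip("".join(QUALIFIERS))
        if name == "mx":
            matched = client_ip in MX_HOSTS
        elif name == "a":
            matched = client_ip in A_HOSTS
        elif name == "all":
            matched = True
        else:
            raise ValueError(f"unsupported mechanism in this example: {name}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    # A host not in the domain's MX/A sets, e.g. a forwarder that did not rewrite
    # the identity, presenting an identity scope the domain never defined.
    forwarder_ip = "198.51.100.7"
    for label, record in RECORDS.items():
        print(label, "newscope", forwarder_ip, "->", evaluate(record, "newscope", forwarder_ip))
    # explicit newscope 198.51.100.7 -> none
    # wildcard newscope 198.51.100.7 -> fail
```

The same evaluator also shows the forwarding case raised in the reply: with the explicit record, a forwarder that keeps the original MAIL FROM and uses neither SRS nor SUBMITTER gets "fail" for the "mfrom" scope, because "-all" applies to any host outside the listed MX and A hosts.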