In <9BE025E8-0662-11D9-B753-000393A56BB6(_at_)glyphic(_dot_)com> Mark Lentczner
<markl(_at_)glyphic(_dot_)com> writes:
On Sep 13, 2004, at 8:39 PM, wayne wrote:
I again ask that the "v=spf1 " magic number be interpreted as
"spf2.0/mailfrom,helo" in the SenderID spec.
Since "v=spf1" has always been experimental, and changing over time,
and hence there is no normative reference for it, I do not think that
the next round of drafts should include any official endorsement of
what to do with such records.
Uh, say what?
Yes, there have been some changes to the SPF spec since last November,
mostly in the area of where can be placed modifiers. Still the
marid-protocol spec is almost completely compatible with every SPF
spec I can think of.
In all the time that we have been discussing using SPFv1 records in
this working group, I think this is the first time I've heard anyone
claim that they should not be used because they are "experimental."
We have heard for people who say that the PRA scope is not the same as
the mailfrom and helo scope that SPFv1 uses, and therefore the PRA
should have a different record, but that is a different subject.
Furthermore, the use of the HELO domain in the classic SPF check does
not constitute a check on the HELO scope: It is not ascertaining the
authorization of the use of the domain name in HELO. The use of the
HELO domain to construct a MAIl FROM identity when the reverse-path is
null ("<>") is still checking the authorized use of the domain name as
a MAIL FROM name. It does not constitute a blanket assertion about
domain use in HELO.
As far as I can see, this is a distinction without a difference.
SPF-classic would use apply the check_host() function on the HELO
domain in almost exactly the same way that the Unified-SPF HELO check
would.
All HELO domains would are subject to this checking under
SPF-classic, and thus this should be acknowledged.
If you want to continue to make a distinction without a difference,
call this the mailfrom-helo scope, or the null-mailfrom-helo scope or
something.
It completely boggles me that you would suggest throwing out the
deployment of maybe up to a million SPF records deployed over the last
10 months, just because they are "experimental".
-wayne