Douglas Otis wrote:

> Who is really most deserving of this eloquent message?

The verbose variant wasn't suited for a mailing list open
for the public including children.

> Care to comment on this message?
> http://www.imc.org/ietf-mxcomp/mail-archive/msg05502.html

When you say that PRA is incompatible with v=spf1 policies
you're right. That is _old_ news, see also Meng's article:
<http://article.gmane.org/gmane.mail.spam.spf.discuss/8119>
Or Wayne's comment about it:
<http://article.gmane.org/gmane.mail.spam.spf.discuss/8162>

> You are ignoring a reality that Microsoft has usurped the
> definition of the v=spf1 record and clearly has this record
> in their pocket.

This is not the case. See below what I've written to two IESG
members, as far as I'm concerned everybody can read it. Some
days old, the new draft is now -02 and no longer -01, bye, Frank

[does draft-lyon-senderid-core-00 obsolete SPF version 1 ?]
No, it is only trying to use several hundred thousands published
v=spf1 policies for the similar spf2.0 scheme. These schemes are
partially incompatible. The PRA is not necessarily related to the
MAIL FROM, that's why MARID first decided to introduce spf2.0/pra,
later adding spf2.0/mfrom - the latter is compatible with v=spf1.
After MARID was closed the SPF community resumed its work on v=spf1,
resulting in the drafts from Mark Lentczner and later Wayne Schlitt.
The Schlitt drafts clearly say that testing v=spf1 policies with
something they were never designed for (like the PRA algorithm) is
NOT RECOMMENDED. It can result in loss of legit mail. This issue
has been discussed on many lists (spf-discuss, MARID, IETF general,
etc.).
The new Schlitt draft -01 (published yesterday) explains the issue
with the NOT RECOMMENDED better. The new wording should make it
clear that of course using the PRA algorithm with any spf2.0/pra
policy is no problem - actually almost nobody in the SPF community
cares about the PRA. But using PRA with v=spf1 will cause havoc.
I'm surprised why there was a note to the RfC editor proposing to
remove the old NOT RECOMMENDED from the old Schlitt draft -00,
while there was no note to remove the SHOULD from draft Lyon -00:
| SHOULD interpret the version prefix "v=spf1" as equivalent to
| "spf2.0/mfrom,pra"
This is plain wrong. No v=spf1 policy was designed to survive a
PRA test. Many v=spf1 policies were published long before MARID,
when Sender-ID was still Caller-ID. A v=spf1 policy is _almost_
equivalent to spf2.0/mfrom (the latter has no HELO check, but it
checks MAIL FROM), but it is incompatible with spf2.0/pra. The
new draft Lyon -01 still has the same serious technical problem.
Bye, Frank
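
The scope mismatch discussed in this message, as an added example that is not part of the original post or of any draft: it shows which published records get evaluated for a list-forwarded message when v=spf1 is kept on MAIL FROM versus read as "spf2.0/mfrom,pra". The PRA header order is simplified (assumption), and all domains, records and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Simplified PRA header order (assumption: the Received/Return-Path
# ordering checks of the full PRA algorithm are left out).
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")

def domain(addr):
    """Lower-cased domain part of an address, '' if there is none."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def pra_domain(raw_message):
    """Domain of the first non-empty PRA header, or None."""
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        value = msg.get(name)
        if value and domain(value):
            return domain(value)
    return None

def scopes(record, v1_means_pra):
    """Identities a published record may be tested against.

    v1_means_pra=True models the quoted SHOULD ("v=spf1" read as
    "spf2.0/mfrom,pra"); False keeps v=spf1 on MAIL FROM only.
    """
    version = record.split()[0].lower()
    if version == "v=spf1":
        return {"mfrom", "pra"} if v1_means_pra else {"mfrom"}
    if version.startswith("spf2.0/"):
        return set(version[len("spf2.0/"):].split(","))
    return set()

def policies_applied(mail_from, raw_message, records, v1_means_pra):
    """(identity, domain) pairs whose published record gets evaluated."""
    candidates = {"mfrom": domain(mail_from), "pra": pra_domain(raw_message)}
    return {(ident, dom) for ident, dom in candidates.items()
            if dom in records and ident in scopes(records[dom], v1_means_pra)}

# Constructed sample: a mailing list re-sends Alice's post with its own
# bounce address as MAIL FROM and leaves her From: header untouched.
RECORDS = {"example.org": "v=spf1 mx -all",
           "lists.example.net": "v=spf1 ip4:192.0.2.10 -all"}
MAIL_FROM = "bounces@lists.example.net"
MESSAGE = ("From: Alice <alice@example.org>\n"
           "To: list@lists.example.net\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    print(policies_applied(MAIL_FROM, MESSAGE, RECORDS, False))
    print(policies_applied(MAIL_FROM, MESSAGE, RECORDS, True))
```

With the PRA reading, example.org's `-all` record, written for MAIL FROM, is evaluated against the list server's address, which is the loss of legitimate mail the message warns about.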