[Top] [All Lists]

Re: Bounce/System Notification Address Verification

2005-07-04 17:59:04

Bruce Lilly wrote:

LMAP is IRTF. darft form, not IETF.  R = research; not ready
for prime time.

The IRTF is essentially dead for more than a year.  The last
new and nice proposals were SIQ and a memo about blacklists:

2005-03 draft-irtf-asrg-iar-howe-siq-01.txt
2004-11 draft-irtf-asrg-dnsbl-01.txt

 [SPF vs. Sender-ID RfCs]
None are standards or pending standards, or Standards Track,
or anything similar.  At best, Experimental.

At best contradicting themselves and incompatible.  SPF wanted
a proper last call, review, and status as a proposed standard,
after all it's deployed widely, working as designed, and the
draft was especially written with your famous reviews in mind.

Unlike the three Sender-ID I-Ds, which never tried to survive
a proper "last call" and community review.

But the 'Industry Enforced Standards Group' decided to publish
it as "experimental" together with an incompatible commercial
"pat. pend." proposal trying to abuse several hundred thousands
of v=spf1 policies for a dubious Purported Responsible Address.

Of course an RfC 1123 5.3.6 (a) alias is bad for the 551 case,
and an SPF-FAIL could emulate the "551 user not local" effect.

If a receiver wants something better it's his business to get
it right, testing an original MAIL FROM behind his border MTA
against a set of sender-permitted IPs cannot work.  Bye, Frank