
Re: spoofing email addresses

2004-06-01 11:31:44
As the AD who sponsored this work, I have to disagree.   ...
The recent interim meeting resulted in an agreement to work on
a converged spec taking ideas from SPF and Caller-ID.

Why?  These are latecomers to the field.  Or is it because of this:

<http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=21100498>

        Microsoft To Merge Caller ID With SPF Anti-Spam Scheme 

        Microsoft on Tuesday agreed to blend its Caller ID for E-mail
        anti-spam proposal with another of the leading domain
        authentication schemes, Sender Policy Framework (SPF).

        The company reached the agreement with Meng Wong, the author of
        SPF, to merge the two proposals into one specification that will
        be presented to the Internet Engineering Task Force (IETF)
        standards body in June.

        ...

I do believe there are some tractable pieces here we can pull
off of the problem and solve, and I believe the working group
is committed to that task, no matter who proposes the solution.

I think the working group is committed to the appearance of relevance,
and now that there's a moving juggernaut, it's become important to get
out in front of it somehow and appear to be leading.  From [ibid]:

        Both Caller ID, which Microsoft chairman Bill Gates first touted
        in February, and Wong's SPF would confirm the sender's domain.

        ...

        "We're pleased to see Microsoft and the SPF community working
        together on a unified specification," said Andrew Newton,
        co-chair of the IETF working group that handles domain
        identification issues, in a statement.

If there's a more blatant example of rubber stamping in the history of
IETF, then I hope a better historian than I can share the archives with
me.  Right now there's an elephant in the room with us and it's called
"fully verified opt-in" and this elephant is somehow invisible.  Microsoft
has been doing verification for years now, so it's not as if they would
increase their costs or lose revenue if they just came out and told the
world to do the same.  Even Yahoo recently sent me a verify-o-gram, so
the tide is turning.  But still, the elephant remains invisible, and we
have a federal anti-spam law that allows unverified opt-out.

It's as though we want to stop forgery and make everybody run
nonexecutable stack segments in XP to prevent a bazillion bots from
relaying spam to us, so as to prevent "wild spam" and yet, by dint of
ignoring the invisible elephant, we ensure that it will always be
possible for "reputable" companies to spam like crazy.  Which always
made sense to me during the years when Microsoft wasn't doing
verification, but it doesn't make any sense to me any more.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

