Douglas Otis wrote:
The "opt-out" of PRA is actually "opt-in" using the
"spf2.0/pra ?all" record.
No, the PRA spec. claims that you "SHOULD" get PRA for a pure
v=spf1 policy, and if you don't want PRA for whatever reasons
you have to "opt-out" from PRA with a dummy spf2.0/pra policy.
That's "opt-out" like the opt-out-doubleclick cookie, "don't-
call-me" lists, and similar schemes. Of course the SPF spec.
says that checking other mail identities (not limited to PRA)
against v=spf1 without the prior and explicit consent of the
v=spf1 publisher is NOT RECOMMENDED.
These concerns were expressed here:
http://www.imc.org/ietf-mxcomp/mail-archive/msg05502.html
It's almost a year older and also known as "Olson objection".
From my POV it was always obvious, I used a cute 2476 MSA with
"enforced submission rights" (6.1) and a Sympa mailing list in
2004, and both would result in PRA FAIL for legit mail from me
if checked against my v=spf1 policy (IIRC set up in May 2004).
Bye, Frank
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf