spf-discuss

SPF spec is frozen, but I don't think it has been finalized

2004-01-27 19:40:42
In <200401280047(_dot_)56783(_dot_)dan(_at_)boresjo(_dot_)demon(_dot_)co(_dot_)uk> Dan Boresjo <dan(_at_)boresjo(_dot_)demon(_dot_)co(_dot_)uk> writes:

> On Tuesday 27 January 2004 11:07 pm, Meng Weng Wong wrote:
> > I'm going to bring back "softfail" so people don't have to choose
> > between "?" and "-" --- "~" will be a happy medium.
>
> As the spec is supposed to be frozen, I hope you are referring to SPF2?

Yeah, I would say that the spec is supposed to be pretty well frozen,
but not finalized.  There are a couple of huge differences between
bringing back softfail compared with changing the format of SPF
records to XML or switching from envelope-from checking to mail header
checking.

There are probably at least a factor of 100 more domains that have
published SPF records than MTAs that are checking SPF records.
Maintaining backwards compatibility with SPF records is far more
important.

First, softfail has been in various versions of spf1.  There are SPF
records out there right now with it.  I would guess that softfail has
been in the spec longer than it has been out of it.

Secondly, I would guess that almost all of the MTAs that are checking
SPF records are using buggy code and will need to upgrade sometime in
the relatively near future anyway.


I would expect some more tweaks to the SPF spec before it is finalized
for spf1.  I would be shocked if any changes invalidated more than
a handful of SPF records.  For example, there might be stricter limits
placed on the number of DNS lookups an SPF record can have, in order
to prevent DoS attacks and such.  The wording of the Received-SPF:
mail header will probably be tightened up.  I could see adding an
*optional* modifier for people to specify an email policy that goes
beyond checking of the envelope-from header if a spec for such a
policy could be drawn up.  (Such an email policy modifier MUST NOT
change the semantics of the rest of the SPF spec, but SPF records make
a convenient place to let people know about the existence of such a
policy.)

I think the window for even minor tweaks and changes to the spf1 spec
is closing rapidly.  If there are serious bugs or problems with it,
you best speak now or forever hold your peace.


-wayne


-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage