On Monday 02 February 2004 1:46 pm, Julian Mehnle wrote:
> I can see the benefit of this, but please be aware that:
> a. ident responses do only make sense if the sending host is trustworthy and
> not compromised, and
> b. many mail server hosts don't run an ident service, and
> c. SPF clients would have to support making ident queries.
> I don't like (c) at all, and (a) and (b) probably reduce the usefulness of
> your proposal to nearly zero.

As for (a), presumably any domain putting %{u} in their SPF record would
already have arranged so that sending hosts are trustworthy and not
compromised. In fact that is true for any SPF-authorized host anyway, so I
can't see the point of the objection.
As for (b), it would not make sense to use %u unless you are running identd.
Another way of putting this is that you need to run an identd if you wish to
make use of %{u}. How does that make it 'less useful'?
As for (c), I'm not sure what you mean, but:
If you mean 'client' as connecting hosts: as I explained in the OP the only
good reason not to wish to run an identd is privacy. This can be fixed by
running an identd that returns an arbitrary non-identifying token.
If you mean 'client' as the server-side implementation of SPF checking, I can
see that complexity should be avoided. However the ident protocol is
extremely simple, see RFC1413:
http://www.rfc-editor.org/rfc/rfc1413.txt
- Dan
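
The receiving-side work discussed in this message (an SPF checker making an RFC 1413 query to obtain a value for the proposed %{u}) comes down to sending one line and strictly parsing one untrusted reply line. The following is an added example, not code from this thread or from any SPF implementation; the names `build_query`, `parse_reply` and `IdentReply` are hypothetical, and the sample replies in the comments and test are constructed.

```python
from typing import NamedTuple, Optional

ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
MAX_REPLY = 1000   # RFC 1413 lets a client discard longer reply lines
MAX_USERID = 512   # RFC 1413 upper bound on the user-id field

class IdentReply(NamedTuple):
    userid: Optional[bytes]  # raw octets, None on an ERROR reply
    opsys: Optional[str]
    error: Optional[str]

def build_query(remote_port: int, local_port: int) -> bytes:
    """Line to send to TCP port 113 of the connecting host: its port, then ours."""
    return b"%d , %d\r\n" % (remote_port, local_port)

def parse_reply(line: bytes, remote_port: int, local_port: int) -> IdentReply:
    """Parse one reply line from an untrusted identd; ValueError if malformed."""
    line = line[:-2] if line.endswith(b"\r\n") else line
    if len(line) > MAX_REPLY or any(c in line for c in b"\0\r\n"):
        raise ValueError("oversized reply or forbidden octet")
    parts = line.split(b":", 3)
    if len(parts) < 3:
        raise ValueError("too few fields")
    ports = [p.strip() for p in parts[0].split(b",")]
    if len(ports) != 2 or not all(p.isdigit() for p in ports):
        raise ValueError("bad port pair")
    # The echoed pair must match the SMTP connection we asked about.
    if (int(ports[0]), int(ports[1])) != (remote_port, local_port):
        raise ValueError("reply names a different connection")
    kind = parts[1].strip()
    if kind == b"ERROR":
        err = b":".join(parts[2:]).strip().decode("ascii", "replace")
        # RFC 1413 error-token: an "X" prefix marks a non-standard error
        if err not in ERROR_TYPES and not err.startswith("X"):
            raise ValueError("unrecognised error type")
        return IdentReply(None, None, err)
    if kind != b"USERID" or len(parts) != 4:
        raise ValueError("neither USERID nor ERROR")
    opsys = parts[2].split(b",")[0].strip().decode("ascii")  # drop optional charset
    userid = parts[3]  # spaces after the colon belong to the identifier
    if not userid or len(userid) > MAX_USERID:
        raise ValueError("empty or oversized user-id")
    return IdentReply(userid, opsys, None)

# Constructed sample: an identd handing out an opaque, non-identifying token
# b"40000 , 25 : USERID : OTHER :a7f3:19\r\n" -> userid b"a7f3:19", opsys "OTHER"
```

The user-id is returned as raw bytes because RFC 1413 allows any octet except NUL, CR and LF in it, so a caller has to validate or encode it before using it in a DNS lookup or a log line.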
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/