spf-discuss

Re: New macro proposed %{u}

2004-02-02 07:15:43
On Monday 02 February 2004 1:46 pm, Julian Mehnle wrote:
> I can see the benefit of this, but please be aware that:
>
> a. ident responses do only make sense if the sending host is trustworthy and 
> not compromised, and
> b. many mail server hosts don't run an ident service, and
> c. SPF clients would have to support making ident queries.
>
> I don't like (c) at all, and (a) and (b) probably reduce the usefulness of 
> your proposal to nearly zero.

As for (a), presumably any domain putting %{u} in their SPF record would 
already have arranged so that sending hosts are trustworthy and not 
compromised. In fact that is true for any SPF-authorized host anyway, so I 
can't see the point of the objection.

As for (b), it would not make sense to use %u unless you are running identd. 
Another way of putting this is that you need to run an identd if you wish to 
make use of %{u}. How does that make it 'less useful'?

As for (c), I'm not sure what you mean, but:

If you mean 'client' as connecting hosts: as I explained in the OP, the only 
good reason not to wish to run an identd is privacy. This can be fixed by 
running an identd that returns an arbitrary non-identifying token.

If you mean 'client' as the server-side implementation of SPF checking, I can 
see that complexity should be avoided. However the ident protocol is 
extremely simple, see RFC1413:

http://www.rfc-editor.org/rfc/rfc1413.txt

- Dan
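
The RFC 1413 exchange referred to above, as an added example that is not part of the original message or of any SPF implementation: it builds the query line, parses the one-line reply, and treats the returned user-id as untrusted input. It assumes %{u} would expand to the ident user-id; `macro_u` and the DNS-safe character rule are hypothetical, and the sample replies are constructed.

```python
import re

MAX_LINE = 1000  # RFC 1413 lets a client give up after 1000 octets without EOL
REPLY_RE = re.compile(
    rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$", re.S)
# Assumption: only characters that are safe inside one DNS label are accepted.
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_-]{1,63}")

def build_query(remote_port, local_port):
    """Query line sent to TCP port 113 of the connecting host."""
    return b"%d , %d\r\n" % (remote_port, local_port)

def parse_reply(line, remote_port, local_port):
    """Return ('USERID', opsys, user_id) or ('ERROR', error_type, None).
    Raises ValueError if the reply is malformed or does not echo our query."""
    if len(line) > MAX_LINE or b"\x00" in line:
        raise ValueError("oversized or binary reply")
    m = REPLY_RE.match(line.rstrip(b"\r\n"))
    if not m:
        raise ValueError("not an ident reply")
    if (int(m.group(1)), int(m.group(2))) != (remote_port, local_port):
        raise ValueError("port pair does not echo the query")
    kind, rest = m.group(3).decode(), m.group(4)
    if kind == "ERROR":
        return ("ERROR", rest.strip().decode("ascii", "replace"), None)
    opsys, sep, user_id = rest.partition(b":")
    if not sep:
        raise ValueError("USERID reply without user-id")
    opsys = opsys.split(b",")[0].strip().decode("ascii", "replace")
    # Simplification: surrounding whitespace is stripped from the user-id.
    return ("USERID", opsys, user_id.strip().decode("ascii", "replace"))

def macro_u(line, remote_port, local_port):
    """Hypothetical %{u} value: a DNS-safe token, or None if unusable."""
    try:
        kind, _, user_id = parse_reply(line, remote_port, local_port)
    except ValueError:
        return None
    if kind == "USERID" and SAFE_TOKEN.fullmatch(user_id):
        return user_id
    return None

if __name__ == "__main__":
    # Constructed replies: an opaque privacy token, then a refusal.
    for reply in (b"6191 , 25 : USERID : OTHER : k3f9a1\r\n",
                  b"6191 , 25 : ERROR : HIDDEN-USER\r\n"):
        print(build_query(6191, 25), reply, macro_u(reply, 6191, 25))
```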

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/