When that message is sent over SMTP, in The New SPF, mail would show up as:
MAIL FROM:<mengwong(_at_)pobox(_dot_)com> SIZE=1000
RFROM=<mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>
Please note, that this changes the nature of SPF entirely. You cannot explain
this to most of those setting up small e-mail systems. Therefore, the adoption
of New SPF will need to get into the big mail services first, and then be
transferred to smaller mail services as they try to stay on top of technology.
I don't believe that this will happen unless it's shrinkwrapped into the e-mail
packages delivered by major players like Microsoft, Red Hat, FreeBSD, Debian
etc., so that you almost can't avoid using it.
Also, I believe that it is very important to have in mind, that a world with
coexisting SPF and New SPF will exist for quite some time - when the next
version of spamassassin hits the street, it will contain SPF but not New SPF.
As we evaluate this new proposal, it's important to distinguish
between two eras: before the flag day, and after the flag day.
I don't believe in flag days :-) The SPF validation code is spread across so
many software packages, and a lot of SPF filtering code that is out today, will
still stick around in 3 years. Also, the last time we had a real flag day that
made most people care, was januar 1st, 2000... ;-)
However, The New SPF points out that the joe-job protection promised
by The Old SPF was largely illusory: to really get that protection,
the whole world had to become SPF compliant.
It is not realistic to think that every mailsystem out there has implemented
new antispam techniques even 7 years from now. I still see Windows 95 computers
around that receive e-mail, and 5 year old software receiving e-mails via smtp
are also still widely deployed. No new technique will eliminate joe-jobs 100%
in the first 5 years after it's initial deployment.
SPF, however, is very good at preventing joe-jobs. It doesn't do it 100%, but
no system can do this within a few years. Until then, we need a system that has
a high adoption rate and solves the job well - and old SPF does this very well.
It's a good thing that development continues, but we also need some return of
investment now.
Lars.