spf-discuss

Wayne's thoughts from the IETF Meeting

2004-05-21 13:47:01


Ok, yesterday we finished up the IETF Interim MARID Meeting.  Today,
I'm decompressing.  As I type this note, I'm sitting in a bunch of
ancient redwoods, but it is foggy and I can't see the forest for the
trees.  On my journey here, I saw the results of a bad accident.  I
hope no one was hurt.  I have no net access but, since I lack wireless
on my laptop, I haven't had much net access for several days and
won't again until next week.


I'm glad I attended the IETF meeting, I learned a lot, and I hope
my comments during the meeting were even half as useful as others.


Now that I've had some time to think about things, I must say that I
am feeling quite queasy about the direction that SPF has taken.


Meng asked a question along the lines of "would anyone object to
getting rid of SRS if we could find a better way?"  I know of no one
that likes SRS.  It is ugly.  Who would say no?  The problem is that I
think the FRED SMTP parameter (aka the RFROM) is nowhere near as
workable and I have strong doubts that it is a better way.


Meng also has publicly committed to Microsoft and the IETF to drop
RFC2821 MAIL FROM checking in favor of RFC2822 From: header checking.
Again, who wouldn't want to check the RFC2822 headers?  Meng has
publicly accepted that the "caller-id algorithm" is good enough.  Jim
Lyon has said that the C-ID algorithm is good enough to mean that "95%
of the people out there won't have to do anything."  Unfortunately, 5%
of all email is still a huge amount.

I would like to believe Jim Lyon and Harry Katz from Microsoft.  I
have no reason to believe they are lying or misleading us.  I am,
however, very nervous that they are looking at different data, or
looking at the data differently.  There have been no public
demonstrations of the effectiveness of the C-ID algorithm.  There have
been no published testing results.  The development of the C-ID
algorithm for extracting the "responsible domain" from the mail
headers has all been done behind closed doors.  We don't know the
trade-offs, nor have we had a chance to make suggestions about alternatives.

(cool, a deer just walked by about 20ft away from me.)


Unfortunately, since Meng is the SPF author and he has publicly
committed to these changes, I think it will be very hard to change
directions again.  The new "caller-id/SPF" merged draft will be
developed by Harry, Jim and Bob from Microsoft, I think Meng, and
maybe Mark.  According to Jim, we should see the first results within
two weeks.


We all want to see spam stopped.  We all want the best solution
possible and for it to be adopted as quickly as possible.  Having
support from Microsoft to use the existing SPF records is fantastic.
With Microsoft and IETF backing, I think we can move much quicker in
many ways.  Unfortunately, I think we have also made a grand leap into
the dark, and I have no idea if the C-ID algorithm will really work
anywhere near as well as is claimed.

I am queasy.


-wayne

