spf-discuss

RE: first draft, proposed agenda for SPF/ID BOF today at Inbox Event

2004-06-03 13:07:22
Meng Weng Wong wrote:
> The following describes in detail what I hope to accomplish
> today at the SPF/ID BOF at the Inbox Event. Patches welcome.


Some notes:

- This is a rather long agenda; time management will be critical.
- Fine $50 people that come in and have not read the rationale document :-)


> But there is a three-way chicken-and-egg problem
> that needs to be solved before the mainstream can
> confidently reject on SPF fails.

This could be transformed from a three-way chicken-and-egg into a
two-way one. Here's the rationale: In your text, the three parties are
the senders, the receivers, and the forwarders. The way I see it, there
are only two parties, the senders+receivers and the forwarders; almost
everyone is both a sender and receiver.

Therefore, the problem that senders are reluctant to publish -all does
not exist: publishing -all is a non-issue as long as the receiver does
not reject on -all before the forwarder issue is resolved.

Since my goal as receiver is to make sure that I do not discard
legitimate email even though the sender has published -all, I am not
going to reject on -all yet. As a sender, I am confident that the
receiver is not going to reject based on my -all because the receiver is
in the same boat as I am.


Consider the following strategy:

1. Encourage everyone to publish -all. Now.

2. Discourage everyone from rejecting on -all until SRS/DAVE happens.

3. Now we have a two-way chicken-and-egg situation, which is: on one side,
receivers are reluctant to reject on -all because a) we told them not to
do so and b) there is a risk of rejecting non-upgraded forwarders; and on
the other side, forwarders are in no rush to upgrade because they know that
receivers are not going to reject on -all.

This can be solved by numbers: when enough domains have published -all,
some receivers are going to jump the gun and reject on -all no matter
what, and forwarders that are not upgraded yet are going to feel the
heat. Since they don't want to deal with the crisis, they will upgrade.

In short:
The best way to make organizations work today on something that they
don't need until next week is to have a crisis looming on the horizon
(remember Y2K?); publishing -all now is what creates the crisis in the
future. Targeted PR about the upcoming crisis and pressure from
receivers eager to begin to reject on -all can break the two-way
chicken-and-egg.

I can understand reluctance to deliberately provoke a crisis, but keep
in mind that setting deadlines is little more than wishful thinking: you
have a small carrot (that many people wonder if it's even palatable) and
no stick.


> ---- THE FUTURE ----
> I) "~all" needs to become "-all" at some point.

See above.


> J) crypto; aim: June 2005.

IMHO this would require time travel and/or the ability to produce a
day's work in an hour (I'm open to ideas, could use the technique for
some other projects :-)

Michel.