--wayne <wayne(_at_)midwestcs(_dot_)com> wrote:
Unfortunately, this merger has caused deep divisions in the SPF
community. Meng had previously run things pretty much by rough
consensus. When the XML issue last came up, it was rejected, pretty
much the way it has been rejected this time.
You are right. I imagined that people would have an emotional reaction to
XML. I did. What I was surprised by is the number of people willing to
act on their emotional reaction to it. But, it's a factor we have to
consider.
Personally, I have at least as many problems with the "caller-id
algorithm" to select the domain to check. It is rapidly changing, and
untested. It will require changes to most MUAs to correctly display
the verified address before it will become useful. It doesn't stop
bounces until after the "flag day". From what I know, the C-ID
algorithm breaks around 20% of the mailing lists, where-as SPF breaks
none.
The PRA algorithm is a more fundamental change than XML. But, I think
based on my experience here, and in SPAM-L and MARID, it is still possible
to get what most domain owners want out of the new selection method.
In other words, not operating on any message headers is seen as a defect in
SPF, and not operating on the envelope info is seen as a defect in CID. I
am willing to consent to groveling through DATA headers, in order to get
the best of both worlds, provided there is a coherent strategy for getting
2821 MAIL FROM rejections as a logical next step.
I think it's a good thing. If it turns out to not be a better thing than
SPF+SRS, then we still have the option of rolling out SPF+SRS.
I waited over a week after first learning about the merged SPF/C-ID
before I made up my mind about the New SPF. I wanted to consider the
technical and political issues.
I have made up my mind: I am very much against the new SPF. The use
of XML is out of the question, and the "caller-id" algorithm for
selecting the domain to verify is to vague and untested.
I wonder if people feel that XML is really the deal-breaker. If we could
go back to MS and tell them XML is off the table, and still get an
agreement, I wonder if people would support that? Your concern about PRA
is a valid one but perhaps by itself it wouldn't be a deal-breaker.
Personally I really *like* the idea of providing freedom of choice to
domain owners, but the downside is that MTA receivers *must* support both
in order to really give domain owners a free choice. There has been a lot
of loud objections to XML, but how many of those come from MTA plug-in
coders? (I can tell where James stands, but I haven't heard from any other
implementers that I know of.)
So Greg, will you pull together with what is apparently the rest of
us?
I don't see any reason for an ultimatum just yet. Wouldn't that be ironic
if the SPF community came together in force and showed enough support to
drag MS to the table, only to be torn apart from within?
For now, I am speaking my mind, and to some extent trusting Meng to do the
right thing. I encourage everyone to do the same. I encourage everyone to
do the same. There is no contract to sign, no deadline approaching...
let's wait and see what happens.
gregc
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>