spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RE: Layered SPF was [Forking SPF]

2004-06-07 10:11:14
from [Scott Kitterman] [Permanent Link] 



-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of DJ 
Coster
Sent: Monday, June 07, 2004 12:45 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] RE: Layered SPF was [Forking SPF]


On Mon, 7 Jun 2004, Ryan Malayter wrote:


[Stuart D. Gathman]
The current SPFv1 can be "SPF LAYER 1", designed to handle the RFC2821
validation. The new SPF, "SPF LAYER 2", can then incorporate the RFC2822
validation that many people (including myself) believe is necessary. As
you mention XML allows for a lot of options here, and this is the
"layer" people would be free to ignore if they hate the idea of XML, or
have personal politics that preclude using anything that Microsoft ever
touched.


I have been quietly reading all this banter back and forth and was
thinking of this very concept when I read this post.

I agree that there should be the option of installing only the portion you
require or want.  I don't care if these are called versions 1 and 2 or
layers 1 and 2 or if they are simply "modules" that you can install or
not.

The real question I have regards how this would get done.  If you want to
simply use layer 1 (SPF1 as we know it today), doesn't that mean that we
still need everyone to do SPF with SRS?  Does that mean it won't work
since it sounds to me like SPF2 is supposed to get rid of the SRS
requirement?  Did I miss something here?  Would people be willing to do
BOTH?  I mean SPF1 w/ SRS and SPF2 for better controll where wanted?
Could a company like Microsoft implement SPF2 without SPF1 (module
approach) or would you have to install the SPF1 in order to use SPF2
(layered approach)?


I think that SPF1, even without SRS, has a lot of value.  Of the 5 domains I
own, 4 send no e-mail (1 is regularly joe jobbed) and with SPF1 you can
reject before data today on those 4 (-all).  The other domain is ~all for a
variety of reasons irrelevant to this discussion.  Even with that domain
SPF1 can give you a strong indication that there is a valid sender.  You
can't reject before data, but you can be generous in your later tests when
SPF1=Pass and more rigorous when SPF1=SOFTFAIL.

Not perfect, but still valuable IMO.



Now my brain hurts and it's only Monday.  (Must find more coffee)...

-dj


Concur on brain hurting.  Do you know that they make caffeinated
pepermints...
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SPF: Not just a clever idea, Graham Murray
Next by Date:  RE: SPF: Not just a clever idea, Julian Mehnle
Previous by Thread:  RE: Layered SPF was [Forking SPF], DJ Coster
Next by Thread:  RE: Forking SPF into The New SPF and SPF1, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]