spf-discuss

RE: Forking SPF into The New SPF and SPF1

2004-06-07 10:36:04
From: Stuart D. Gathman
Sent: Monday, June 07, 2004 12:05 PM


On Mon, 7 Jun 2004, Michel Py wrote:

This is exactly why I supported the following suggestion that Tim made
some time ago:

Tim Meadowcroft wrote:
v=spf2 xml=http://www.schmerg.com/spf.xml mx -all
This way you get the best of both worlds - let the 'market(s)'
decide how much they want XML...

Your implementation can choose to ignore the xml string, the only extra
code required in the parser would be to understand that it's there and
jump to the old-style syntax.

This makes SPF1 a prerequisite to using SPF2.  By sticking with the
current _ep subdomain scheme for SPF2, the layers are more independent.

I do agree, however, that the XML data is too large for DNS and
ought to be fetched via TCP.  However, the existing _ep format
can contain the link.

But what do we gain by doing all this extra work after we've accepted a
message?  I don't know about you, but my header and content filtering tools
work well enough as it is.  Virtually nothing gets through them and I
haven't had a false positive for months.  The problem to be solved is
_rejecting_ more junk, not improved post-DATA filtering.  I would oppose
trying to do anything with XML in real-time.  At the same time, I suspect it
_may_ be possible to do _some_ DATA phase checks in real time using existing
SPF syntax.

One possibility might be the existence of an S/MIME signature, if the domain
owner says all mail from their domain has one.  The MTA doesn't have to
verify the signature, only that the message appears to contain one, and
reject at the end of DATA if it doesn't.  If there does appear to be a
signature, the MUA does the verification work.

Publishing a whole XML schema for post-DATA filtering, in addition to an SPF
record, is not only distasteful from the domain owner's viewpoint, I fail to
see what it would improve.  I am suggesting that anything we build that
doesn't result in more rejections is fundamentally a waste of our time,
because existing post-DATA filters already work so well.  Can't we try to
figure out if there are _any_ DATA phase tests that are feasible in real
time based on the lightweight SPF syntax?

--

Seth Goodman
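An added example, not code from the thread or from any SPF implementation, of the tolerant parse Michel Py's quoted proposal describes: the checker recognises the unknown xml= modifier, keeps it out of the decision, and falls through to the familiar mechanisms. The v=spf2 tag is the hypothetical one under discussion, the mx_ips table stands in for DNS, and all addresses are constructed.

```python
import ipaddress

# Constructed record in the shape quoted in the thread; "v=spf2" and "xml="
# are the proposal under discussion, not a published SPF version.
SAMPLE_RECORD = "v=spf2 xml=http://www.schmerg.com/spf.xml mx -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_record(record):
    """Split an SPF-style record into (version, mechanisms, modifiers).

    Modifiers are name=value terms. Unknown ones such as xml= are recorded
    but never consulted by evaluate(), which is the "ignore the xml string
    and jump to the old-style syntax" behaviour the proposal relies on.
    """
    terms = record.split()
    if not terms or not terms[0].lower().startswith("v="):
        raise ValueError("missing version term")
    version = terms[0][2:]
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if "=" in term:                       # modifier: name=value
            name, value = term.split("=", 1)
            modifiers[name.lower()] = value
            continue
        qualifier = "+"                       # mechanisms default to pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        mechanisms.append((QUALIFIERS[qualifier], name.lower(), arg))
    return version, mechanisms, modifiers

def evaluate(record, client_ip, mx_ips):
    """Return the SPF result for client_ip using the record's mechanisms.

    mx_ips (list of address strings) stands in for the MX lookups a real
    checker performs; only mx, ip4 and all are implemented here.
    """
    _, mechanisms, _ = parse_record(record)   # modifiers deliberately unused
    ip = ipaddress.ip_address(client_ip)
    mx_set = {ipaddress.ip_address(a) for a in mx_ips}
    for result, name, arg in mechanisms:
        if name == "all":
            return result
        if name == "mx" and ip in mx_set:
            return result
        if name == "ip4" and ip in ipaddress.ip_network(arg, strict=False):
            return result
    return "neutral"                          # no mechanism matched
```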