spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Microsoft & Sender ID - SPF confusion as of mid July 2004

2004-07-14 11:57:32
from [Holm, Mark] [Permanent Link] 
I have been following the list casually on the archives and decided to join in 
order to make this point.

There is still a pretty big difference, at least to the uninitiated, between 
what Microsoft is publishing publicly and what the SPF community is saying.  
This can only lead to confusion and resistance to adoption.

For instance read:

 "Sender ID" (Published: June 23, 2004 | Updated: July 12, 2004)
 http://www.microsoft.com/mscorp/twc/privacy/spam_senderid.mspx

and

 "Sender ID - Executive Overview" (Published: July 12, 2004)
 
http://download.microsoft.com/download/c/0/4/c0412bf5-86f9-42fa-9f67-59a166c13a77/senderid_exec.pdf

and

 "Sender ID - Deployment Overview for E-Mail Senders" (Published: July 12, 2004)
  
http://download.microsoft.com/download/9/e/d/9ed3b337-7a53-4fd8-bd3e-6c483a2b669a/senderid_deploy.pdf

and 

 "Sender ID Draft Specification: MTA Authentication Records in DNS" (Published 
June 23, 2004)
 
http://download.microsoft.com/download/d/a/2/da2821f5-6acb-4058-8974-5a3c7d187794/senderid.pdf


SPF is not mentioned, even implicitly, in the first three documents, and is 
only implicitly (not explicitly) included in the fourth.  The documents 
specifically direct domain admins to publish "email policy documents" in DNS 
TXT records  in "_ep." subdomains.  The documents only mention the XML version 
of Sender ID records.  No mention is made of backward compatibility with SPF 
and SPF records in DNS TXT records under the regular domain name as a standard 
part of the Sender ID specification.

Also, the last time I checked, MS only had the Caller ID version of their 
Sender ID records in DNS for MSN and Hotmail.  I know that, under the Sender ID 
spec, this is perfectly legal, but displays no inclination to support the early 
adopters who have gone with SPF, and certainly does not encourage others to 
publish SPF or take it seriously.

Somebody needs to hold MS's feet to the fire on this asap.  Probably needs to 
be the big players like AOL.  So long as MS continues to obfuscate the agreed 
upon full back compatibility of SPF and Sender ID, the poor slobs in the real 
world trying to figure out what to do are going to be in a quandry and SPF will 
fail to thrive.

Back to lurking mode.

Mark Holm
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: *****SPAM***** Citibank, Graham Murray
Next by Date:  anti-phishing, Meng Weng Wong
Previous by Thread:  Citibank, Bourque Daniel
Next by Thread:  Re: Microsoft & Sender ID - SPF confusion as of mid July 2004, Michel Bouissou
Indexes:  [Date] [Thread] [Top] [All Lists]