spf-discuss

Re: SPF and Responsibility

2004-07-21 14:05:13
On Wed, 2004-07-21 at 16:19, Michel Bouissou wrote:

> PASS means that the *server* is legitimate, not that the *message* is
> legitimate, and that makes quite a big difference...

In your interpretation, with "+" meaning: "This is a legitimate server,
and messages from it may or may not be legitimate" and "?" meaning:
"This is possibly a legitimate server, possibly not, and messages from
it may or may not be legitimate", what is the useful difference between
the two for recipients reading your claims?

From the point of view of a recipient, in my mind, such an
interpretation would be as useless as if the standard said that "+"
meant:  "This server is painted blue, and messages from it may or may
not be legitimate" and "?" meaning: "This server is possibly painted
blue, and messages may or may not be legitimate".

In other words, if your claims of legitimacy can't help me as a
recipient determine that your message is legitimate, then that's a
useless claim to me.

In my mind there's simply little point to a standard in which a sender
can only either make negative claims of legitimacy or useless claims of
legitimacy.

So, do you think the spec and accompanying documentation *should* say
what you think it *does* say?

If your answer is "yes", then I would ask why you wouldn't allow for an
option that allows a domain owner to make positive claims of message
legitimacy.

If your answer is "no", and you think the wording is confusing, then I'm
guessing that the web site folks will listen to suggestions on clearer
wording.

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com

