spf-discuss

Re: SPF and Responsibility

2004-07-22 03:50:09
On Thu, 2004-07-22 at 06:13, Michel Bouissou wrote:
> No, no.
>
> The "+" character, once again, does not mean that <<the sender is
> willing to stand behind messages from his domain from this server,
> putting his reputation on the line.>>
>
> It doesn't mean either that the sender asks <<please trust that mail from a
> certain server>>
>
> Actually the sender doesn't ask anything such as "please trust..." and he
> makes no assertion about a given message.
>
> The sender domain *ONLY* asserts "this server is legitimate for sending mail
> coming from my domain". And not anything further than this.

There are two issues here:  What should the spec try to say (and imply),
and what does the spec actually say (and imply.)

Let's address them separately.

On what-should-the-spec-try-to-say:

  As a recipient, I care whether a piece of mail is authentic.
  I don't care whether the server is legitimate versus  
  possibly-legitimate if that bit of information doesn't
  mean I can conclude that the mail is authentic. 

  If we were to take your interpretation of the current spec, PASS
  wouldn't be useful as a more positive statement than NEUTRAL.

  So, if what you say were true, what would be the purpose in having
  a PASS result in the spec at all?

  What good would it actually do in the real world, especially
  compared to an alternative the-message-is-legitimate possibility?

  If it had no useful purpose, (as I believe is the case with your
  interpretation), I would say that we should change the spec so
  it did, (such as the interpretation I claim is valid.)

  So since you've claimed that PASS doesn't mean the message is
  authentic, I'm curious if you think it *should* mean that?

On what-the-spec-does-say:

  Quoting from the latest marid draft:
  http://www.imc.org/ietf-mxcomp/mail-archive/msg02719.html:

  |5.2  Pass
  |
  |   An SMTP server receiving this result SHOULD treat the message as
  |   authentic.  It may accept or reject the message depending on other
  |   policies.

  There's nothing about server legitimacy mentioned there, instead both
  sentences refer to the incoming message itself.

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com

