Seth,
You write:
"That's really not so bad. Anyone who wants to use SPF
classic will publish a record with v=spf1. Most people
have already done that and there are several free,
unencumbered, open software solutions for them to chose
from. Anyone who wants to use PRA/SUBMITTER, yes, that
means both of you, will publish a record with v=marid1, and
don't forget to apply for your Microsoft license if you
want to touch the code. I think choice is an excellent
thing."
Maybe I missed the boat here, but it is my understanding if
this change in version string goes through the next draft
of the marid protocol will tell folks wanting to publish a
sender policy record:
* you must use v=marid1.
Senders will not have the option of choosing:
* use v=spf1 if you want mail from checked, or v=marid1 if
you want sender from checked.
To my understanding the whole point of unification, along
with the merger with caller-id was to ensure all senders
run on the same "track," while giving receivers the option
of choice.
It is the receiver who will have the option of choosing a
library/plug in and using an authentication process which:
* checks for SMPTP mail from; or
* checks for SMTP re-sent sender from, sender from, mail
from; or
* checks for SMTP ehelo;
(These three presume core will allow for this.)
Using at this juncture an open source library or plug in.
However all the installed libraries and plug in's will need
to be upgraded to run checks on v=marid1.
Otherwise you are going to have a conflict.
Senders will be publishing records in compliance with the
marid protocol, but receivers will be rejecting these
records as not being authoritative because they use an
unrecognizable version string.
At the same time, all the existing published sender policy
records will need to be changed from v=spf1 to v=marid1.
This will ensure all the existing sender policy records
work with the modified libraries and plug ins.
The open source community can say no. We see no need to
change.
But then the open source community will have fragmented and
from a marketing perspective MS wins.
Also, at the end of the day, the open source community will
be compelled to change if people want their email delivered
to any major ISP or business network using the marid
protocol, core and sender to run authentication checks,
with or without PRA.
Of course, the receiver can if he wishes, sign a license
with MS and use a library or plug in which checks for PRA.
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.734 / Virus Database: 488 - Release Date: 04/08/2004