spf-discuss

Re: Sender ID and Return Path

2004-08-31 14:35:12

On Tue, 31 Aug 2004, Jeremy Harris wrote:

John Glube wrote:
On Aug 24, 2004, at 07:11, Meng Weng Wong wrote:
[...]
This is a concern that has been voiced to me by several
major sites that are exactly the same set of sites we use
as examples for where we need to stop phishing from.  They
are most likely going to publish *both* spfv1 and spfv2/pra
records, and their initial investigation of their email
architectures has indicated that those records are going to
be pushing this real-world 240-byte limit (a 480 byte
effective UDP packet split in two)


His post leads to two possible solutions:

The initial design logic behind changing the version string
was flawed.

The alternative approach?
[...]
* Don't object to the change of version string for
Sender-ID.

* Accept a sub-domain for publishing the txt email policy
record for Sender-ID.

Third possibility:

* Permit the spf2/pra record to reference the spf1 record.

Fourth (?) possibility:

Introduce scoping modifiers for SPF1 records, which, in cases where spf2/pra and
spf1 records are identical, will work exactly like "spf2/pra,mail-from ..."
but it fully supports the existing base of spf1 mail libraries and does not
require republishing of records from those already using spf1 or those
that are not willing to check PRA because of licensing issues:
 "v=spf1 sc=p,s ip4:192.168.0.0/24 ~all"

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
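
The size concern raised in this thread can be checked with a little arithmetic. The following is an added example, not part of the original post: it computes the wire size of a TXT answer for a domain publishing both records versus a single record carrying the `sc=p,s` modifier proposed above. The domain, the include targets and the policy strings are constructed; the `spf2.0/pra` spelling and the 512-byte classic DNS-over-UDP limit (RFC 1035) are assumptions brought in from outside the post.

```python
# Added example: size accounting for a DNS TXT answer carrying sender-policy records.
UDP_LIMIT = 512    # classic DNS-over-UDP message limit without EDNS0 (RFC 1035)
DNS_HEADER = 12    # fixed DNS header size

def qname_len(name):
    """Wire length of an uncompressed name: length-prefixed labels plus root byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l.encode("ascii")) for l in labels) + 1

def txt_rdata_len(text):
    """TXT RDATA is a run of strings of at most 255 bytes, each with a length byte."""
    n = len(text.encode("ascii"))
    chunks = max(1, -(-n // 255))          # ceiling division
    return n + chunks

def answer_rr_len(text):
    """One TXT RR whose owner name is a 2-byte compression pointer to the question."""
    return 2 + 2 + 2 + 4 + 2 + txt_rdata_len(text)   # name, type, class, TTL, RDLENGTH

def response_len(name, records):
    """Header + question + one answer RR per published TXT record."""
    question = qname_len(name) + 4         # QTYPE + QCLASS
    return DNS_HEADER + question + sum(answer_rr_len(r) for r in records)

def fits(name, records, limit=UDP_LIMIT):
    return response_len(name, records) <= limit

# Constructed policy for a large sender: nine includes, then a soft fail.
MECHS = " ".join("include:_spf%d.example.com" % i for i in range(9)) + " ~all"
SPF1 = "v=spf1 " + MECHS               # 245 bytes of text
PRA = "spf2.0/pra " + MECHS            # 249 bytes of text
SCOPED = "v=spf1 sc=p,s " + MECHS      # 252 bytes, modifier as proposed in the post

if __name__ == "__main__":
    for label, recs in (("spf1 + pra", [SPF1, PRA]), ("scoped spf1", [SCOPED])):
        size = response_len("example.com", recs)
        verdict = "fits" if size <= UDP_LIMIT else "exceeds limit, truncation / TCP retry"
        print("%-12s %4d bytes  %s" % (label, size, verdict))
```

Two records of roughly 245 bytes each push the answer past the UDP limit, while the single scoped record leaves room to spare, which is the trade-off the per-record 240-byte figure in the thread describes.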

