On Thu, 2 Sep 2004, Koen Martens wrote:
A valid concern however is that classic will not validate 2822 headers,
and the status of Unified-SPF is unknown to me. I've just seen someone
on the mxcomp list suggest that Unified-SPF also uses PRA, and thus
becomes subject matter to ms.
I would like to get SPF classic deployed while 2822 validation is
studied. I would suggest that a useful 2822 validation scheme should
depend on validated 2821 headers.
For example, off the top of my head, instead of listing IP addresses, a 2822
SPF record for a From: domain ought to list 2821 domains authorized to send
email From that domain. For most domains, there would be only one 2821 domain
authorized. Grody details for mailing lists, forwarders and greeting card
sites left as an exercise :-), but are similar to SPF classic - except dealing
with 2821 domains instead of IP addresses - and there are lots of headers to
store things in. Since M$ has patented looking at the standard headers, we
would have to invent new ones like 'Forwarder:'.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.