On Fri, Sep 10, 2004 at 10:58:13AM -0700,
Jonathan Gardner <jonagard(_at_)amazon(_dot_)com> wrote
a message of 75 lines which said:
(1) SPF is simple. Most people with only a casual understanding of
SMTP will get it.
I believe you are quite over-optimistic: at the present time, most SPF
users are experts and convinced experts. When we'll see wide
deployment of SPF, we will have to face a lot more problems, showing
that SPF is not "simple" (I mention it as the author of two lectures
on SPF, one for techies and one for managers).
(2) Deploying SPF records is extremely simple. You don't even have
to understand SMTP to publish.
So, why people do stupid mistakes like the one in nordnet.fr?
(3) Checking SPF is pretty easy. All I have to do is configure my
MTA a bit and add some code.
...
We spent more time talking about SPF at Amazon than deploying
SPF. It literally took less than 10 minutes to get published.
We are not talking about Amazon email experts. We are talking about
Joe Sysadmin at smalldomain.com.
Now, onto SPF Unified. All of a sudden, the simplicity is lost. Now
people need to familiarize themselves with the SMTP protocol to a
level that isn't generally necessary. They have to learn about a new
algorithm - PRA - and it's arbitrary ordering of headers. They have
to figure out which way they want to deply - SPF/HELO, SPF/MAILFROM,
SPF/PRA, etc - and that is not an easy decision to make, let alone
even to understand.
This simply reflects the complexity of the real world. SPF tried to
simplify the world (pretending there is only one identity in email,
envelope from, while there are many, each with its strengths and
weaknesses). Unified SPF tries to acknowledge the fact that there is
no consensus on the best identity (probably for a very good reason).