spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Why I think we should tolerate compatibility with PRA.

2004-10-03 02:31:12
from [Greg Connor] [Permanent Link] 
Meng Weng Wong:

To satisfy all of the above views, I would like to pursue
the following approach with Sender ID:

v=spf1 originally applied to mail-from.
v=spf1 now applies to helo as well.
v=spf1 will in future apply to PRA also.

Senders whose PRA and mail-from configurations are
identical need only publish v=spf1.  This describes the
vast majority of senders, particularly those with control
over the Sender header.
I like this approach. A lot of the work we did to define Unified SPF was an effort to include other identities that might often have the same policies as mail-from, or at least would benefit from using most of SPF's mechanisms.
I see Sender ID as totally in the spirit of Unified SPF. As an early and strong advocate of Unification, of course I want to see Sender ID do well, because if Sender ID does well, Unified SPF will probably do well too.
Now, to be clear, I don't like Microsoft much at all, and their patent and other behavior stinks. I would like to see Sender ID do well, but I will probably not use it myself, unless their license is somehow fixed. But, this doesn't change my stance.
If I were to take a page from the MS playbook, the page that comes to mind right now is "embrace and extend". Even if I will never buy Sender ID from Microsoft, I would still like Microsoft to buy SPF and use it. In other words, even if Microsoft is the only one eating Microsoft-brand dog food, at least they are getting some (most) of their raw materials from us. 



Senders whose PRA and mail-from configurations are
different can override using an spf2.0 record.

Receivers who interpret PRA scope MUST read spf2.0
records.

Receivers who do not see an spf2.0/pra scope MAY
substitute with a v=spf1 record.

Senders who do not believe that PRA is useful at all can
ignore spf2.0.  If their mail is rejected because their
v=spf1 record is interpreted according to PRA rules, they
should set up an spf2.0/pra record containing only ?all.



Sounds reasonable.



So, even if nobody here likes Microsoft and nobody here
likes PRA, those are the reasons I think we should specify
spf1 to include PRA, and we should specify spf2.0 to allow
explicit PRA scoping.
Yes. We could even leave it open-ended and say "whatever scope anyone else wants to invent, that's OK too". 

--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Why I think we should tolerate compatibility with PRA., John Glube
Next by Date:  Re: Why I think we should tolerate compatibility with PRA., Greg Connor
Previous by Thread:  RE: Why I think we should tolerate compatibility with PRA., John Glube
Next by Thread:  Re: Why I think we should tolerate compatibility with PRA., jpinkerton
Indexes:  [Date] [Thread] [Top] [All Lists]