spf-discuss

Re: Moving Forward ...

2004-10-14 03:27:06
Meng Weng Wong wrote:

> 1) what exactly is everyone's objection to allowing v=spf1
>    records to be interpreted in PRA scope?

It doesn't work if the 2822-From identity doesn't match the
MAIL FROM identity.  MUAs don't add a Sender: in this case
automatically (for various reasons).  MSAs don't add Sender:
automatically (also various reasons, incl. RfC 2476 8.1 MAY
in conjunction with privacy issues).

The chances to "fix" RfC 2476 in this respect are minimal,
because privacy is an important issue (compare some comments
submitted to the FTC).  No MSA admin wants to do something
which is both technically unnecessary and legally dubious.

Therefore the mail arrives with a MAIL FROM enforced by the
MSA (if it's a well-behaved MSA), the 2822-From set by the
user, and without a Sender header.

The 2822-From is the favourite address of the user, it is
"his" address user@favourite.domain.example

For most users "their" favourite.domain.example is in fact
a domain of their favourite ISP.  And the MSA in question
is a 3rd party (roaming scenarios).  This ISP won't add IPs
of a 3rd party (MSA) to his sender policy.

In other words the favourite.domain.example sender policy
doesn't allow a MAIL FROM:<user@favourite.domain.example>
sent via 3rd parties like the MSA in question.  No problem
with v=spf1, that's the point of SPF.

But with Sender-ID the 2822-From sent via a 3rd party _is_
the PRA, because PRA ignores the obvious "missing Sender"
problem.  From:<user@favourite.domain.example> results in
a FAIL if sent via a 3rd party MSA.

Therefore Sender-ID must not abuse v=spf1 sender policies
for a completely different PRA-identity, the FAIL would be
incorrect.

> assume that PRA record content would be the same as for
> mailfrom record content.

Why should I assume this, it's not true in my case, and I'm
the typical ISP user, who can't edit the sender policy of
say claranet.de or T-Online for his personal preferences.

> 2) if MS changed the patent license to be compatible with
>    free software, would those objections go away?

No, the erroneous Sender-ID FAIL for abused v=spf1 policies
and ordinary users of big ISPs does not go away.  It has
nothing to do with patents and licenses.

> 3) would people rather see Microsoft promote an spf2.0/pra
>    syntax, while the opensource world promotes a v=spf1
>    syntax?

It's not ("only") about legal or syntactical problems, it's
about different semantics.  The PRA and MAIL FROM identities
are completely different.

> assume the contents of those records would be the same

This assumption is wrong.  Your question "is there still a
problem assuming that there is no problem" makes no sense.

Just now while I write this I cannot use the mailer of my
ISP, therefore I use the MSA of a 3rd party.  But of course
I still use "my" 2822-From nobody@xyzzy in mail.  With a
different MAIL FROM:<user@3rd.party.example>.  No Sender.

Why is it so difficult to understand this?  Sender-ID
does not work with MAIL FROM policies.  And vice versa.
These scopes are completely different.

Of course some users can force an identity.  Especially
domain owners are free to specify in their sender policy
whatever they want.

But some of us are no domain owners but ordinary users
of say AOL, GMX, or Hotmail.  And these ordinary users
want to use "their" 2822-From wherever it pleases them,
without getting bogus Sender-ID FAILs.

                      Bye, Frank
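
The scope mismatch described in this message, as an added example that is not part of the original post: a simplified PRA selection (header order as in RFC 4407) and a minimal v=spf1 evaluator limited to ip4: and all, run against constructed policies. The policy contents, the documentation IP ranges and all function names are assumptions for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed policies standing in for DNS TXT lookups (documentation ranges).
POLICIES = {
    "favourite.domain.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "3rd.party.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_policy(domain, client_ip):
    """Evaluate a v=spf1 record, supporting only ip4: and all mechanisms."""
    record = POLICIES.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:]):
            return QUALIFIERS[qualifier]
    return "neutral"

def purported_responsible_address(msg):
    """Simplified PRA selection: the first header present, in this order."""
    for header in ("Resent-Sender", "Resent-From", "Sender", "From"):
        value = msg.get(header)
        if value:
            return parseaddr(value)[1]
    return None

def evaluate(mail_from, raw_message, client_ip):
    """Return (MAIL FROM scope result, PRA, PRA scope result)."""
    pra = purported_responsible_address(message_from_string(raw_message))
    mfrom_result = check_policy(mail_from.rpartition("@")[2], client_ip)
    pra_result = check_policy(pra.rpartition("@")[2], client_ip) if pra else "none"
    return mfrom_result, pra, pra_result

# Constructed roaming message: From set by the user, no Sender header.
ROAMING = "From: user@favourite.domain.example\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    # Sent through the 3rd party MSA: MAIL FROM scope passes, PRA scope fails.
    print(evaluate("user@3rd.party.example", ROAMING, "198.51.100.25"))
```

Prepending a `Sender: user@3rd.party.example` header to the same message moves the PRA to the 3rd party's domain, and the PRA scope result becomes a pass.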


