In <BD933FC6(_dot_)ACA2%cdhutzler(_at_)aol(_dot_)com> Carl Hutzler
<cdhutzler(_at_)aol(_dot_)com> writes:
On 10/13/04 7:48 PM, "Meng Weng Wong"
<mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> wrote:
AOL agrees with Meng :-)
[snip]
Our concern really stems from the fact that others have concerns. And those
concerns :may: slow adoption. This would be a downside as SID and other
technologies really rely on wide-spread adoption to be effective.
I think this is a very valid concern, and you underestimate the
problems that the license will cause with deployment.
But for now, we do like the changes Meng spoke of above - support for PRA
and mail-from and backwards compatibility with the v1 and v2 records.
Ok, I have to confess that I have always seen the PRA has being
untested, obviously broken, and despite MS's claims, much more work to
get the current email environment to work with it than SPF/SRS.
The PRA doesn't protect the 2822.From: header, except in cases where
the 2822.From: header doesn't need protecting. (e.g., phishers can
simply add a Resent-From: header.)
The PRA breaks forwarding.
The PRA breaks many mailing lists (~20%).
The PRA breaks direct person-to-person email where the sending MTA
incorrectly adds a bogus Sender: header. (I found quite a few of
these cases in my inbox.)
So, my question is, why does both AOL and Sendmail support the PRA at
all?
I can understand Margaret Olson's support, and I can under MS's
support, but for the life of me, I can't see why many others would
support the PRA at all.
-wayne