----- Original Message -----
From: "Meng Weng Wong" <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, October 15, 2004 6:25 PM
Subject: [spf-discuss] will PRA checking take off anyway?
Excellent, I think we are beginning to agree on exactly
where we disagree.
Not really *excellent* at all ! It has taken far too long for you to come
out and declare what your position is. By delaying like this you have cost
spf development and the community a considerable amount of frustrating,
wasted time, speculating on what is *really* going on between you and M$.
While you prevaricate and try to please everyone, some of the spf developers
lose heart - or is that part of the M$ plan - divide and conquer?
If you *really* have the best interests of spf at heart you will set aside a
couple of hours and write up a complete summary of what has transpired in
the communications between you and M$ which you allude to.
I see the 2821.mail-from as the province of the MTA.
I see the 2822.pra as the province of the MUA.
<snip>
I am in a lot of meetings today but I would like to continue
to explore where we differ. The goal is to reach a concise
explanation of differences which we can explain to the
media. If the Loyal Opposition is going to mount a PR
campaign and take the message to the media directly, I
strongly suggest you formulate a position:
1) what are publishers expected to publish?
ATM - they publish spfv=1 , until another version is available.
2) what are receivers to check?
Receiving MTA's should use mailfrom: for one-hop mails - that's what works
right now and covers a *huge* amount of e-mail transmissions. SPF is being
developed to do more - watch this space......
3) what do we say to people who see that MS is interpreting
v=spf1 in PRA scope?
The spf record was not designed for PRA, but what M$ do is up to M$. We
have no control over them, nor they over us.
Those are the responses I would advocate for the media. Nothing too
complicated, nothing too technical, nothing ambiguous - they'll only get it
wrong. Figures for the use of spfv=1 could be used to demonstrate it's
effectiveness.
If you are saying that MUA's can use the existing spfv=1 record to check the
PRA and you are prepared to stake your reputation on the outcome, that's
fine. But, as several people have pointed out, it's going to be a long
time before any new
edition of an MUA will be available with PRA checking built in.
If you are asking what do we tell the media about developements, it is
probably fair to say that spf is being developed in several complimentary
directions, with the aim of making it a truly open source protocol, with
facility to accomodate all known technologies, while leaving room for future
ones.
Slainte,
JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492