spf-discuss
[Top] [All Lists]

Re: Re: [SPF v1 Draft] Last chance before I submit...

2004-10-19 08:25:09

On Oct 19, 2004, at 11:10 AM, Koen Martens wrote:

On Tue, Oct 19, 2004 at 11:01:18AM -0400, Theo Schlossnagle wrote:
When PRA comes in, with all its vague rules, it's a lot less clear to
me what
the risk of false positives will be. That turns SPF from a benefit to
a
liability.  Why would I publish something that's a liability to me?

I agree completely.

I think PRA in SPFv1 puts an obstacle in a fast moving lane.

Right, and what can the members of this list do about it?? Nothing. If

The spec can be published and accepted with PRA, that's what can be done about it.

microsoft decides to use v=spf1 they will just do that. Irrelevant is
what you and others think. This list is largely irrelevant for
microsoft. By pulling back your spf records, or by threatening to pull
back your spf records, you accomplish exactly this: nothing. Apart from
whatever effect it has on your liabilities, about which I frankly don't
care.

We already knew that microsoft's involvement is scaring away
implementors and developers. No need to restate that I think.

Threatening to pull back your spf records if microsoft is going to do
PRA against them is pointless.

I never threatened to pull back anything. I'm just wondering why we are even discussing putting PRA in the SPF spec. Sure, Microsfot can abuse that record if they want as can I or anyone else. And, if that abuse becomes wide spread, everyone will end up supporting (all the commercial products at least) and there will be patches against the open source ones even if their maintainers remain bullheaded. What's the point?

Microsoft is scaring away who? I'm not scared. I'd just like to have the damn standard published. There will always be people that will deviate from the standard, implement it _completely_ wrong or simply abuse its products for alternative goals.

The standard should be published now. We shouldn't discuss adding PRA. We've had that discussion and if it is truly that important, then it can go into SPF/2.0 or whatever follows and deprecates this spec.

I personally don't see PRA giving me anything that DomainKeys doesn't. And DomainKeys provides a lot more.

SPF: control of the return path
DomainKeys: integrity and authenticity of the content (including headers).

Perfectly symbiotic.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth


<Prev in Thread] Current Thread [Next in Thread>