On Oct 19, 2004, at 11:10 AM, Koen Martens wrote:
On Tue, Oct 19, 2004 at 11:01:18AM -0400, Theo Schlossnagle wrote:
When PRA comes in, with all its vague rules, it's a lot less clear to
me what
the risk of false positives will be. That turns SPF from a benefit
to
a
liability. Why would I publish something that's a liability to me?
I agree completely.
I think PRA in SPFv1 puts an obstacle in a fast moving lane.
Right, and what can the members of this list do about it?? Nothing. If
The spec can be published and accepted with PRA, that's what can be
done about it.
microsoft decides to use v=spf1 they will just do that. Irrelevant is
what you and others think. This list is largely irrelevant for
microsoft. By pulling back your spf records, or by threatening to pull
back your spf records, you accomplish exactly this: nothing. Apart from
whatever effect it has on your liabilities, about which I frankly don't
care.
We already knew that microsoft's involvement is scaring away
implementors and developers. No need to restate that I think.
Threatening to pull back your spf records if microsoft is going to do
PRA against them is pointless.
I never threatened to pull back anything. I'm just wondering why we
are even discussing putting PRA in the SPF spec. Sure, Microsfot can
abuse that record if they want as can I or anyone else. And, if that
abuse becomes wide spread, everyone will end up supporting (all the
commercial products at least) and there will be patches against the
open source ones even if their maintainers remain bullheaded. What's
the point?
Microsoft is scaring away who? I'm not scared. I'd just like to have
the damn standard published. There will always be people that will
deviate from the standard, implement it _completely_ wrong or simply
abuse its products for alternative goals.
The standard should be published now. We shouldn't discuss adding PRA.
We've had that discussion and if it is truly that important, then it
can go into SPF/2.0 or whatever follows and deprecates this spec.
I personally don't see PRA giving me anything that DomainKeys doesn't.
And DomainKeys provides a lot more.
SPF: control of the return path
DomainKeys: integrity and authenticity of the content (including
headers).
Perfectly symbiotic.
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth