spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Summary Please - where is SPF 1?

2004-10-28 07:40:47
from [Hector Santos] [Permanent Link] 

----- Original Message -----
From: "Graham Murray" <graham(_at_)gmurray(_dot_)org(_dot_)uk>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, October 28, 2004 5:22 AM
Subject: Re: [spf-discuss] Summary Please - where is SPF 1?



Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:


I don't know of any MTA vendors who are implementing PRA checking at
this time.  Which kinda makes sense, because PRA is for MUAs, and
MUAs are ... mostly Outlook.  2821.mail-from is for MTAs, and
they're quite happy with SPF Classic.


If that had been acknowledged early in the proceedings in MARID (which
should have been concerned with implementation in MTAs) then PRA
should never have been 'on the table' and maybe things might have
ended up very differently.



Not only that, Meng is wrong that MUA's will implement PRA (certainly
Microsoft will stay away from it with a 10 feet pole) if only for one main
legal reason:

    The "PRA" concept at the MUA is patented and Microsoft comment about
    this client-side patent is that Microsoft's solution is a Server-Side
solution.

The second reason is its not logical

     It requires the MUA's to change and it presumes that the ISP is SPF
ready.
     Hence, is the ISP is SPF ready, it is logical (and legally prudent)
place
     to protect the user before he gets hurt.

So these again are Meng's comment that really had no point to it.  If its
true, what
does it had to do with SPF?  He is trying to defined who uses what and is
getting
off base on solving the problem that SPF attempts to address.

My crystal ball says:

    MUA will adapt to use end-point to end-point validation concepts with
the
    assistance of middle ware.  YKD has must promise here.

    MTA will adapt in two ways:

    1) Provide extremely strong SMTP level validation concepts
        that are independent of  PAYLOAD requirements.

    2) The IETF-SMTP people get off their ass and invent a HEAD/DATA
        comment to allow for 2821 level header validation methods.

In both cases, MTA and MUA's will support CANSPAM with full address
validation
which neither SPF and/or SENDERID/PRA can do today.

Sincerely,

Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sender ID in the news, David
Next by Date:  Re: Explain, Mike
Previous by Thread:  Re: Summary Please - where is SPF 1?, Graham Murray
Next by Thread:  Re: Summary Please - where is SPF 1?, Michael Hammer
Indexes:  [Date] [Thread] [Top] [All Lists]