spf-discuss

inconsistent advice and unpredictable results was(RE: Summary Please - where is SPF 1?)

2004-10-29 09:58:57

-----Original Message-----
From: Meng Weng Wong [mailto:mengwong(_at_)dumbo(_dot_)pobox(_dot_)com]
Sent: Friday, October 29, 2004 10:29 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Summary Please - where is SPF 1?

On Fri, Oct 29, 2004 at 08:42:16AM -0400, Michael Hammer wrote:
|
| I absolutely agree with you Robert. If PRA checking were performed
| under SPF2.0/PRA where people published their records accordingly I
| wouldn't be as concerned.
|
| The problem is that unpredictable outcomes are created for people who
| published SPF1 records according to the SPF1 requirements in good
| faith.

I negotiated with MS on this issue and the answer is "if
you're not comfortable with SPF1 records being used in PRA

  domain.com TXT "spf2.0/pra"

That record means the spf1 record won't be used for PRA.


 While my point was partially around unpredictable results, (and yes I
think this is a potential major problem) the more immediate (and
resolvable) issue was around the inconsistent advice on the two help
pages listed. One of the pages (the one for web based emailers) says
using a Sender header is o.k. while the advice for ESPs says
specifically not to rely on the Sender header to pass because of the
risk of implementations that only check the From:

My main request was that regardless of MS' actions, the advice given on
whether or not it is safe to use the Sender header be consistent between
those two pages.

I think most of the points about unpredictable results have already been
made. I do not think that publishing an spf2.0 entry that just
authorizes (or even just gives an unknown) to the rest of the world is
either a great idea, or a complete solution to the problem of unexpected
results. But, for the purposes of this thread my goal was simply that
avoidable confusion and inconsistency make the problem worse for
Senders.

Robert




The way I see it, the onus is on MS and anyone else
implementing PRA to special-case around failures of the PRA
to DTRT.  (eg EzMLM, Yahoo!Groups).

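Added example (not from this thread or from any SPF/Sender ID implementation): a sketch of how a receiver chooses which TXT record to evaluate for the PRA scope, showing why a bare "spf2.0/pra" record keeps the v=spf1 record from being used for PRA. It assumes the record-selection rules as later published in RFC 4406; the function names and sample records are constructed.

```python
# Added example: record selection for Sender ID scopes (assumed: RFC 4406 rules).

def scopes_of(txt):
    """Return the scopes a TXT record covers, or None if it is not SPF/Sender ID."""
    fields = txt.strip().split()
    if not fields:
        return None
    tag = fields[0].lower()
    if tag == "v=spf1":
        return {"mfrom", "pra"}           # v=spf1 is read as spf2.0/mfrom,pra
    if tag.startswith("spf2.0/"):
        scopes = set(tag[len("spf2.0/"):].split(","))
        return scopes if all(scopes) else None   # reject an empty scope name
    return None                           # unrelated TXT data

def select_record(txt_records, scope):
    """Return (record, status) for the requested scope ("pra" or "mfrom")."""
    candidates = [r.strip() for r in txt_records if scope in (scopes_of(r) or ())]
    spf2 = [r for r in candidates if r.lower().startswith("spf2.0/")]
    if spf2:
        candidates = spf2                 # spf2.0 records displace v=spf1
    if len(candidates) > 1:
        return None, "permerror"          # ambiguous publication
    if not candidates:
        return None, "none"
    return candidates[0], "ok"

def pra_policy(txt_records):
    """Return (version tag, list of terms) that a PRA check would evaluate."""
    record, status = select_record(txt_records, "pra")
    if record is None:
        return status, []
    fields = record.split()
    return fields[0].lower(), fields[1:]

# Constructed sample publications for a hypothetical domain.
SPF1_ONLY = ["site-verification=abc123", "v=spf1 mx -all"]
WITH_OPT_OUT = SPF1_ONLY + ["spf2.0/pra"]

if __name__ == "__main__":
    print(pra_policy(SPF1_ONLY))                  # spf1 terms reused for PRA
    print(pra_policy(WITH_OPT_OUT))               # empty policy for PRA
    print(select_record(WITH_OPT_OUT, "mfrom"))   # mfrom still uses v=spf1
```

With no mechanisms, the selected "spf2.0/pra" record matches nothing, so a PRA check ends at the default Neutral result instead of reaching the "-all" of the SPF1 record.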

