spf-discuss

Re: purely dual-format approach

2004-10-30 02:12:18

----- Original Message -----
From: "Chris Haynes" <chris(_at_)harvington(_dot_)org(_dot_)uk>


SPF should define (even at this late day) a new modifier for spf1: "pra" with a
single legal value "yes".

If this modifier is present in a record, then the publisher is inviting /
permitting her policy to be used in PRA tests.

For completeness, we should mandate that the modifier only applies to the
record in which it occurs. If a record contains "pra=yes" and an "include" is
also used in this record, PRA testing is NOT to be applied to the included
record, unless it itself also includes "pra=yes".

If "pra=yes" does not occur within the record, then PRA tests MUST NOT be
done.

This condition we write into the spf experimental I-D.

If PRA implementers disrespect this prohibition then it will be clear to all
that they are intentionally breaking the mail system - which would create very
bad PR for them.

All SPF-compliant, pre-existing SPF implementations will just ignore the
presence of the new modifier.

Unless I've made a technical mistake somewhere, this scheme allows senders to
'opt-in' to dual use of their record, with no impact whatsoever on:

1) Pre-existing SPF records,
2) Those publishing new SPF records who do not wish to opt in to PRA,
3) Existing SPF receiver test implementations.

Now Microsoft and the SPF community will both be promoting the publishing of
SPF-compatible records, without the danger of SPF record abuse by PRA.

Chris Haynes



Politically - I think this idea is good - it overcomes the potential
confusion of MS using v=spf1 for PRA, without embarrassing MS and without
needing widespread rewriting of existing records unless the publisher
specifically *wants* his/her v=spf1 record to be used by PRA.

It is a friendly solution to all parties - including us, as it is only a
small change to the spec.

I have only one slight amendment to suggest.

If the spec is to remain stable in spite of future protocols possibly
wanting to use v=spf1, the record should not mention PRA by name.  What if
Sendmail comes up with a different way to milter v=spf1 records and calls it
SMM?  We need a modifier which allows publishers to tell the world that they
don't mind anyone using their v=spf1 record for protocols other than SPF.
Something like OP=yes (Other Protocols).

For the hard-liners who say MS should not use v=spf1 -- it is time to face
up to the fact that we are not all-powerful.  People, corporations, et al,
will do what they want with v=spf1. Our job is to provide some protection
for the work already done and the records already published.


It will be another opportunity for MS to demonstrate that their actions
match their promises to Meng.

Most importantly - it can be applied to any future protocols which might
appear and want to use v=spf1.  People will have the opportunity to opt in
or not as they wish - in the true spirit of open source.



Slainte,

JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492
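
The per-record opt-in rule proposed in the quoted message, worked through as an added example; it is not part of either poster's message and not code from any SPF or PRA implementation. `pra=yes` is the modifier proposed in the thread (not a standardized SPF term), and the domains, records and function names are constructed for illustration.

```python
import re

# Constructed sample TXT records (documentation domains and address ranges).
SAMPLE_TXT = {
    "optin.example": "v=spf1 ip4:192.0.2.0/24 include:esp.example "
                     "include:legacy.example pra=yes -all",
    "esp.example": "v=spf1 ip4:198.51.100.0/24 pra=yes -all",
    "legacy.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "plain.example": "v=spf1 mx include:esp.example -all",
}
KNOWN_MODIFIERS = {"redirect", "exp"}  # modifiers a classic spf1 checker acts on
MODIFIER_NAME = re.compile(r"[A-Za-z][A-Za-z0-9._-]*")

def parse_spf(record):
    """Split a v=spf1 record into (mechanisms, modifiers)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an spf1 record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        name, sep, value = term.partition("=")
        if sep and MODIFIER_NAME.fullmatch(name):
            modifiers[name.lower()] = value
        else:
            mechanisms.append(term)
    return mechanisms, modifiers

def classic_spf_terms(record):
    """What a pre-existing SPF checker evaluates: unknown modifiers dropped."""
    mechanisms, modifiers = parse_spf(record)
    return mechanisms, {k: v for k, v in modifiers.items() if k in KNOWN_MODIFIERS}

def include_targets(mechanisms):
    bare = [m.lstrip("+-~?") for m in mechanisms]
    return [m.split(":", 1)[1] for m in bare if m.lower().startswith("include:")]

def pra_scope(domain, txt=SAMPLE_TXT, seen=None):
    """Domains whose records may be used for PRA tests, starting at domain."""
    seen = set() if seen is None else seen
    if domain in seen or domain not in txt:
        return []
    seen.add(domain)
    mechanisms, modifiers = parse_spf(txt[domain])
    if modifiers.get("pra", "").lower() != "yes":
        return []  # no opt-in in this record: PRA tests must not use it
    scope = [domain]
    for target in include_targets(mechanisms):
        scope += pra_scope(target, txt, seen)  # each include needs its own opt-in
    return scope
```
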