On Sat, 30 Oct 2004 09:00:43 +0100, Chris Haynes
<chris(_at_)harvington(_dot_)org(_dot_)uk> wrote:
Point taken (as least by me): so this creates a communications contest, and
guess who has more funding for communications.
So here is an alternative proposal to let Microsoft promote publication of
spf1
records, yet not run the risk of fouling up SPF tests where their use in PRA
was
not envisaged.
SPF should define (even at this late day) a new modifier for spf1: "pra" with
a
single legal value "yes".
If this modifier is present in a record, then the publisher is inviting /
permitting her policy to be used in PRA tests.
For completeness, we should mandate that the modifier only applies to the
record
in which it occurs. If a record contains "pra=yes" and an "include" is also
used
in this record, PRA testing is NOT to be applied to the included record,
unless
it itself also includes "pra=yes".
If "pra=yes" does not occur within the record, then PRA tests MUST NOT be
done.
This condition we write into the spf experimental I-D.
If PRA implementers disrespect this prohibition than it will be clear to all
that they are intentionally breaking the mail system - which would create very
bad PR for them.
All SPF-compliant, pre-existing SPF implementations will just ignore the
presence of the new modifier.
Unless I've made a technical mistake somewhere, this scheme allows senders to
'opt-in' to dual use of their record, with no impact whatsoever on:
1) Pre-existing SPF records,
2) Those publishing new SPF records who do not wish to opt in to PRA
3) Existing SPF receiver test implementations.
Now Microsoft and the SPF community will both be promoting the publishing of
SPF-compatible records, without the danger of SPF record abuse by PRA.
Chris Haynes
Chris,
You're proposing an interesting technical approach that one would
think resolves the problem. Unfortunately the issue is political and
not simply technical.
For arguments sake let's assume that the changes (or something
similar) are made. How many of those already published records will be
modified to allow PRA to be checked? How quickly will they be
modified? I think the answer is, not quickly enough for someone who
wants PRA checks to be widely used against existing SPF1 records.
Going back to Mengs question. Even if the change is made (and agreed
to by all parties), If Microsoft is promoting records with "pra=yes"
and the SPF "classic" crowd is promoting without, you still have the
marketing war that Meng appears anxious to avoid. Honestly, I don't
think Microsoft would agree even if the SPF "community" was willing to
accept this approach. The current situation is much more favorable for
Microsoft (barring potential legal or PR issues resulting from
checking PRA against those existing SPF1 records - I'm not going to
spend any effort pondering those issues).
I need to do some pondering on this in terms of technical impacts. I
probably won't solidify my thoughts until after the FTC shindig (which
may be too late for purposes of what people want to do) as I am on the
road and busy this coming week. I also want to spend some time talking
with Michael Weiner offline about implementation issues and potential
problems.
Mike