On Sat, 2004-10-30 at 14:34, Michael Hammer wrote:
Going back to Mengs question. Even if the change is made (and agreed
to by all parties), If Microsoft is promoting records with "pra=yes"
and the SPF "classic" crowd is promoting without, you still have the
marketing war that Meng appears anxious to avoid. Honestly, I don't
think Microsoft would agree even if the SPF "community" was willing to
accept this approach. The current situation is much more favorable for
Microsoft (barring potential legal or PR issues resulting from
checking PRA against those existing SPF1 records - I'm not going to
spend any effort pondering those issues).
It is ironic that Microsoft is suggesting (or anyone would suggest) an
opt-out policy of publishing "spf2.0/pra" next to "v=spf1" to avoid PRA
checks as a means to help combat phishing and spam. If we know that
opt-out via "send an email to X to be removed from our mailing-list"
doesn't work and is an opening for abuse (collection of valid email
addresses), what makes anyone think that applying opt-out in this case
makes more, or any, sense? The opt-in to PRA via "pra=yes" or a scope
modifier or some such makes much more sense and fits much better with
the position that opt-out is bad which everyone involved with combating
spam has been spouting off about for a long time now. Saying "opt-out
marketing is bad" and "opt-out sender verification is good" is
contradictory, especially when we all know what opt-out in general is a
questionable practice.