spf-discuss

Re: purely dual-format approach

2004-10-30 23:59:00
Microsoft's proposal was:

  Sender ID implementations SHOULD interpret the version prefix "v=spf1"
  as equivalent to "spf2.0/mfrom,pra", provided no record starting with
  "spf2.0" exists.
  If you're not comfortable with SPF1 records being used in PRA context,
  you can just publish "spf2.0/pra".

The problems with this proposal are:

  - It is an undesired opt-out.
  - If a domain does not publish "spf2.0/pra", then mail from that domain
    may be rejected by Sender-ID implementations that incorrectly use the
    SPF1 record for PRA, especially mail in mailing lists that do not add
    a PRA to the header.


Another proposal was:

  The SPF1 records must not be used in the PRA context, except if there
  is a modifier "pra=yes" (or "sc=+pra" or similar).

  Senders that allow their SPF1 records to be used in the PRA context
  should add the "pra=yes" modifier.

  Receivers that implement the PRA checking must recognize the "pra=yes"
  modifier and act accordingly.

There are no problems with that proposal since it works with all current
SPF implementations and all currently published SPF1 records as I will show
below:

Case 1: The sender does not publish the modifier "pra=yes" and the
  receiver does not do PRA checking. Well, that is the current situation
  and is certainly handled as intended.

Case 2: The sender does not publish the modifier "pra=yes" and the
  receiver implemented the PRA checking. Since there is no "pra=yes", the
  receiver does not use the SPF1 record in the PRA context, as intended.

Case 3: The sender publishes the modifier "pra=yes" but the receiver does
  not do PRA checking. The receiver uses the SPF1 record in the MAIL FROM
  context and ignores the unknown "pra" modifier. No problem here because
  the receiver is allowed to use the SPF1 record in the MAIL FROM context.

Case 4: The sender publishes the modifier "pra=yes" and the receiver
  implemented the PRA checking. The receiver will probably use the SPF1
  record in the PRA context, and that is explicitly permitted by the
  sender.


Frank, from your answers I conclude that you are for Microsoft's proposal.
Is it like that?

Roger
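
The four cases above, next to the opt-out behaviour of the first proposal, as an added Python example that is not part of the original message. The function names, the "opt-in"/"opt-out" labels and the sample records are assumptions made for illustration; "pra=yes" is the modifier as proposed in the message.

```python
import re

# SPF modifiers are name=value terms; mechanisms (ip4:..., include:..., -all)
# never have '=' directly after the name, so this pattern skips them.
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")

# Constructed sample records (documentation address range).
PLAIN = "v=spf1 ip4:192.0.2.0/24 -all"
OPTIN = "v=spf1 ip4:192.0.2.0/24 pra=yes -all"

def spf1_modifiers(record):
    """Return the modifiers of a v=spf1 record as a dict, or None if it is not one."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    mods = {}
    for term in terms[1:]:
        m = MODIFIER.match(term)
        if m:
            mods[m.group(1).lower()] = m.group(2)
    return mods

def spf1_contexts(txt_records, receiver_checks_pra, proposal):
    """Contexts in which a receiver applies the domain's v=spf1 record.

    proposal "opt-out": v=spf1 counts for PRA unless a record starting
                        with "spf2.0" exists (first proposal in the message).
    proposal "opt-in":  v=spf1 counts for PRA only with "pra=yes"
                        (second proposal in the message).
    """
    spf1 = [m for m in map(spf1_modifiers, txt_records) if m is not None]
    if len(spf1) != 1:
        return set()              # no SPF1 record, or more than one
    contexts = {"mfrom"}          # MAIL FROM use is always permitted
    if not receiver_checks_pra:
        return contexts           # unknown modifiers are simply ignored
    if proposal == "opt-out":
        if not any(r.lower().startswith("spf2.0") for r in txt_records):
            contexts.add("pra")
    elif proposal == "opt-in":
        if spf1[0].get("pra", "").lower() == "yes":
            contexts.add("pra")
    else:
        raise ValueError("unknown proposal: %r" % proposal)
    return contexts
```
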