spf-discuss

Re: purely dual-format approach

2004-10-31 08:15:02
 "Michael Hammer"


On Sat, 30 Oct 2004 09:00:43 +0100, Chris Haynes
<chris(_at_)harvington(_dot_)org(_dot_)uk> wrote:

Point taken (at least by me): so this creates a communications contest, and
guess who has more funding for communications.

So here is an alternative proposal to let Microsoft promote publication of spf1
records, yet not run the risk of fouling up SPF tests where their use in PRA was
not envisaged.
SPF should define (even at this late day) a new modifier for spf1: "pra" with a
single legal value "yes".

If this modifier is present in a record, then the publisher is inviting /
permitting her policy to be used in PRA tests.

For completeness, we should mandate that the modifier only applies to the record
in which it occurs. If a record contains "pra=yes" and an "include" is also used
in this record, PRA testing is NOT to be applied to the included record, unless
it itself also includes "pra=yes".

If "pra=yes" does not occur within the record, then PRA tests MUST NOT be done.

This condition we write into the spf experimental I-D.

If PRA implementers disrespect this prohibition then it will be clear to all
that they are intentionally breaking the mail system - which would create very
bad PR for them.

All SPF-compliant, pre-existing SPF implementations will just ignore the
presence of the new modifier.

Unless I've made a technical mistake somewhere, this scheme allows senders to
'opt-in' to dual use of their record, with no impact whatsoever on:

1) Pre-existing SPF records,
2) Those publishing new SPF records who do not wish to opt in to PRA
3) Existing SPF receiver test implementations.

Now Microsoft and the SPF community will both be promoting the publishing of
SPF-compatible records, without the danger of SPF record abuse by PRA.

Chris Haynes


Chris,

You're proposing an interesting technical approach that one would
think resolves the problem. Unfortunately the issue is political and
not simply technical.

For argument's sake let's assume that the changes (or something
similar) are made. How many of those already published records will be
modified to allow PRA to be checked? How quickly will they be
modified? I think the answer is, not quickly enough for someone who
wants PRA checks to be widely used against existing SPF1 records.

Going back to Meng's question. Even if the change is made (and agreed
to by all parties), if Microsoft is promoting records with "pra=yes"
and the SPF "classic" crowd is promoting without, you still have the
marketing war that Meng appears anxious to avoid. Honestly, I don't
think Microsoft would agree even if the SPF "community" was willing to
accept this approach. The current situation is much more favorable for
Microsoft (barring potential legal or PR issues resulting from
checking PRA against those existing SPF1 records - I'm not going to
spend any effort pondering those issues).

I need to do some pondering on this in terms of technical impacts. I
probably won't solidify my thoughts until after the FTC shindig (which
may be too late for purposes of what people want to do) as I am on the
road and busy this coming week. I also want to spend some time talking
with Michael Weiner offline about implementation issues and potential
problems.

Mike


Thanks, Mike.  I am aware of the political dimension - I didn't want to mix my
political reasoning with my technical proposal.  However, now you've raised it,
my thinking goes like this:

1)  M$ say they intend to use existing SPF records for PRA testing,

2) SPF community responds: 'Oi, Microsoft, No!! That breaks many existing
policies'.

3) Microsoft says (via intermediaries) "So how else are we to conduct our part
of the parallel experimental phase?  Do you seriously want us to tell people to
publish spf2.0/pra as well?"

4) So I suggest: "Er no. Tell you what, we'll let people add a flag to their SPF
1 records stating that they are content for that record to also be used for PRA
testing.  An opt-in. That way no one gets abused / called an abuser".

5) You retort: "But why would anyone want to do that?"

6) To which I respond innocently and with English irony:  "This is about market
forces, right? PRA's supporters think it's really useful, right?  So policy
publishers will be keen to take part in the Microsoft PRA experiment - right? So
this is a great way of proving PRA in the marketplace - right?"

7) To which the PRA response is - what?

Look - what I'm proposing is a simple spf1-compatible extension which gets
Microsoft promoting the publishing of spf1 records.  No one has identified any
technical downside to existing SPF senders or receivers.  Every record published
at Microsoft's behest with the PRA 'flag' in it is ALSO another SPF1 record
published.

The _only_ way this can be rejected is if Microsoft cannot bear to see SPF
thrive.

My scheme offers those who are still trying to preserve links between SPF and
Microsoft a technically-viable way forward for an experimental phase.

So it's intended as a political opportunity to demonstrate the possibility of /
desire for peaceful co-existence [phrase selected with _all_ the awareness of
historical significance for which we Brits are renowned], as well as a technical
solution with no negative impact for SPF.

Chris Haynes
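
The opt-in rule proposed in this thread, sketched as an added example that is not part of the original messages or of any SPF implementation: "pra=yes" is judged per record, is not inherited through "include", and leaves the mechanism list seen by existing spf1 checkers unchanged. The domain names, sample records and function names are constructed for illustration, and "pra" is the thread's proposed modifier, not a published one.

```python
# Constructed sample TXT records (documentation domains and address ranges).
SAMPLE_DNS = {
    "optin.example": "v=spf1 ip4:192.0.2.0/24 include:esp.example pra=yes -all",
    "esp.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "classic.example": "v=spf1 mx include:optin.example -all",
    "both.example": "v=spf1 include:optin-esp.example pra=yes -all",
    "optin-esp.example": "v=spf1 ip4:203.0.113.0/24 pra=yes -all",
}


def parse_record(txt):
    """Split an spf1 record into (mechanisms, modifiers)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an spf1 record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        name, sep, value = term.partition("=")
        # A modifier is name=value; a ':' or '/' before '=' means a mechanism.
        if sep and ":" not in name and "/" not in name:
            modifiers[name.lower()] = value
        else:
            mechanisms.append(term)
    return mechanisms, modifiers


def pra_scope(domain, dns=SAMPLE_DNS, seen=None):
    """Map each record reachable via include to whether PRA tests are permitted.

    Each record is judged only by its own modifiers: an including record's
    "pra=yes" never extends to the records it includes, and absence of the
    modifier means PRA tests must not be done against that record.
    """
    seen = {} if seen is None else seen
    if domain in seen or domain not in dns:
        return seen  # already visited (loop guard) or no record published
    mechanisms, modifiers = parse_record(dns[domain])
    # Assumption: the single legal value "yes" is compared case-insensitively.
    seen[domain] = modifiers.get("pra", "").lower() == "yes"
    for mech in mechanisms:
        body = mech.lstrip("+-~?")  # drop any qualifier
        if body.lower().startswith("include:"):
            pra_scope(body[len("include:"):], dns, seen)
    return seen
```
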