--Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> wrote:
OK, let's run a thought experiment so we can think this
through.
Suppose we renegotiate and the agreement is that MS PRA stuff
will not use v=spf1 records for PRA scope checking. MS will
tell people to publish spf2.0/pra, and the SPF community
will tell people to publish v=spf1.
What will senders do?
I think just about everyone missed the point of Meng's question. Too bad.
If you support the reuse of spf1 records for SenderID, it's probably for
one or more of three main reasons.
1. Fundamental belief that for most, practically ALL uses, the actual
record will be the same. That is, whether you use domain.com as a return
address, or in a PRA header, the same set of servers will be sending the
mail.
2. Belief that domain owners would prefer to publish one record instead of
two, and that allowing them to do so is of mutual benefit to everyone. If
the net result of SenderID is that more people publish more SPF records,
great.
3. Belief that even if PRA doesn't work well in all cases, SPF still
benefits by SenderID using the records and more people becoming aware of
SPF as the underlying technology.
If you object to reuse of spf1 records, it's probably for one or more of
three main reasons.
1. Augh! Microsoft bad! Patent bad! It burns us, precious! Must fight
the corporate machine! The Man keepin us down!
2. There *might* be some cases where mfrom checking would work and PRA
checking would fail. Therefore it's better to avoid any cross-pollenation
of the strains.
2a. I know of some actual cases and they are not trivial.
2b. I don't actually know of any cases, but I'm prepared to trust what
other people tell me about them because that's consistent with my anti-MS
agenda.
3. Whether or not there are real cases of incorrect results, belief that
SPF should be kept "pure" and not used for any "off-label" purpose,
regardless of whether it works well in the lab or in the real world.
I would put myself slightly on the Pro-Reuse side, for all three reasons
stated in the first part. I believe there is little or no harm to allowing
spf1 records to be used for PRA, and that there is benefit to be had by it.
I am frankly sick of hearing about "Microsoft Bad!" and how we should turn
all of SPF's resources into an Anti-MS machine by actively opposing them.
Most of the No Reuse arguments seem to be based on this. They seem to be
based on MS Bad, or Patents Bad, and that we should expend resources to
actively oppose them based only on political affiliation. I am pretty much
ignoring those arguments because nothing new has been said on the subject;
there are just the same strong feelings being stated over and over.
I would like to hear more from the No Reuse side in category 2a. Nobody
has shown clear examples of exactly how PRA will fail in cases where MAIL
FROM works. The essence of the whole No Reuse camp seems to be an
underlying assumption that since PRA is inherently flawed, that
automatically means it will fail when applied using spf1 records. Neither
of those have been shown to be true. PRA may or may not be flawed. If it
is, it may or may not mean that it is also incompatible with spf1. (From
my understanding, PRA will actually accept mail in many perhaps-legitimate
cases where classic SPF would fail.
Yes, 2b. exists and I'm sick of that one too. Vocal people on the No Reuse
side just automatically believe that 2a. has been conclusively shown, so
they just repeat the mantra, "PRA is flawed. Mail will bounce. People
will blame SPF." It's natural to want to believe things that support your
side, but it's silly to repeat them if you haven't checked.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>