spf-discuss

Re: web page on sender ID

2004-11-05 16:58:40
On Sat, 2004-11-06 at 00:45 +0100, Koen Martens wrote:
On Fri, Nov 05, 2004 at 11:58:33AM -0600, wayne wrote:

As far as my personal position on SenderID, I have long held that:

* The patent license is incompatible with far too large a percentage
  of deployed MTAs for it to become a standard (de-jure or de-facto).
  Unless a widely accepted alternative that covers the From: header
  can be found, I will work to stop any standardization on the PRA.

* The PRA has many technical problems that make it unsuitable for use
  in the real world.

  * The PRA doesn't protect the From: header when phishing is going
    on.  So, the PRA only protects it when there is no need to protect
    it.
  
  * The PRA gives false positives (fails) on all the same things that
    SPF does, but also fails on mailing lists and on some
    person-to-person email when the MTAs incorrectly add the wrong
    Sender: header.

    From what I can tell, since mail coming from mailing lists is far
    more common than mail coming from forwarders, this means that the
    PRA has an error rate of at least 10 and maybe up to 1000 times as
    high as SPF-classic.
  
  * SenderID re-purposes the v=spf1 records.  This will cause failures
    in cases where deployed SPF records currently work.  In some
    cases, those failures can be fixed by changing things, in others
    (e.g. SES exists:), it can't.
  
  * The PRA has had very limited deployment and testing, making it far
    riskier than SPF-classic.

  * The PRA requires the use of the Resent-* headers that many people
    believe is inconsistent with the use defined in RFC2822.  Almost(?)
    no one currently uses these headers for either mailing lists or
    forwarding.

    The only reason that I can tell that the Resent-* headers are used
    instead of a new, PRA specific header, is that a new header
    would make it very obvious that this is a significant change to the
    current email enviroment.

    
I'm sorry that this isn't a web page as you asked for.  I could create
one easily enough, but it would still be my opinion, and not the
consensus of the SPF community.

If I've missed something and I can help, please let me know.

Actually, that's pretty much what I would have come up with. Should we
take it to a vote? I vote yes for this text. 

Fix the typos and I vote YES for this text as well (i.e. last word in
the last paragraph SHOULD be environment). Though please review what
James has posted on the web; it looks the same, but I didn't do a very
close comparison.

Michael Weiner
