spf-discuss

RE: Agenda item: SenderID Position Statement

2004-12-08 11:31:14
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of
william(at)elan.net
Sent: Wednesday, December 08, 2004 1:23 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Agenda item: SenderID Position Statement



On Wed, 8 Dec 2004, Scott Kitterman wrote:

I agree.  It's an abuse of the v=spf1 record and I don't like it a bit, but
MS isn't going to change.

MS can do as it likes to its own users (i.e. hotmail, msn) but we have a
responsibility to let others know about it so they don't follow a bad example.
We also should inform MS users so they know who is responsible if they
experience serious problems and know that their options would be to contact
Microsoft and complain about incorrect use of SPF records.

I'm personally most concerned about MS adding SenderID check to Outlook
because this is the worst and most incorrect and most failure-prone use
of LMAP techniques and worst use of SPF records and unlike with hotmail
where list of users while like is limited to only those who buy from MS,
with Outlook it's lot and lot of users who can be affected.

- remove SPF record, as it yields false positive rejection of mail I send
 (or a customer sends)
- adapt the SPF record to PRA - *but*, live in the fear that if we are
 at a position that we just reckon with any abuse of the SPF record,
 that another MTA/MUA will abuse it in another way, perhaps even
 incompatible to the intersection of SPF-classic and PRA I have adapted
 to, so I'll have to adapt the record to all those abuses?

Right.  Option 3 is leave your v=spf1 record as it is and also publish

"spf2.0/pra ?all"

Option 3 is forcing everyone to "opt-out", why are we allowing such spammer
tactics? If somebody wants to publish PRA specific record they should go
ahead and do it with syntax and record type as Microsoft wants it and SPF
would take no responsibility for supporting such records.

I'm going to get myself in trouble by using an analogy...

At this point, PRA is like the weather.  We can complain about it all we
want, but we aren't going to change it.

I think the situation is somewhat akin to suggesting to people who've just
moved to Florida (SPF) to avoid the cold (forgery) that you are more likely
to be subject to heavy rain (PRA failures) than they were on the North Pole
and so carrying an umbrella might be a good idea if they don't want to get
wet.

We aren't endorsing the rain, just pointing out how to deal with this fact
of life.  As I see it, our choices are to ignore it or help people avoid it.

Scott Kitterman
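
The effect of "Option 3" discussed in this thread, as an added example that is not part of the original message: a sketch of Sender ID record selection, in which an spf2.0 record listing the wanted scope takes precedence and a v=spf1 record is otherwise read as covering both mfrom and pra. The function names and the sample records are constructed for illustration, and only the catch-all `all` term is evaluated.

```python
# Added illustration; the record strings below are constructed samples.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

CLASSIC_ONLY = ["v=spf1 mx -all"]                 # publisher wrote this for MAIL FROM checks
OPTION_3 = ["v=spf1 mx -all", "spf2.0/pra ?all"]  # same record plus the PRA opt-out

def select_record(txt_records, scope):
    """Pick the record a Sender ID style checker evaluates for `scope`
    ("pra" or "mfrom"): an spf2.0 record listing that scope wins, otherwise
    a v=spf1 record is used as if it were spf2.0/mfrom,pra."""
    spf2, spf1 = [], []
    for rec in txt_records:
        parts = rec.split()
        version = parts[0].lower() if parts else ""
        if version == "v=spf1":
            spf1.append(rec)
        elif version.startswith("spf2.0/"):
            if scope in version[len("spf2.0/"):].split(","):
                spf2.append(rec)
    chosen = spf2 or spf1
    if not chosen:
        return None
    if len(chosen) > 1:
        raise ValueError("multiple applicable records (permanent error)")
    return chosen[0]

def catch_all_result(txt_records, scope):
    """Result for a sender that matches no earlier mechanism, i.e. the
    qualifier on the record's `all` term. Simplified: earlier mechanisms
    (mx, ip4, include, ...) are not evaluated."""
    rec = select_record(txt_records, scope)
    if rec is None:
        return "none"
    for term in rec.split()[1:]:
        t = term.lower()
        if t.lstrip("+-~?") == "all":
            return QUALIFIERS.get(t[0], "pass")  # bare "all" means "+all"
    return "neutral"  # no `all` term: the default result is neutral

if __name__ == "__main__":
    for name, recs in (("v=spf1 only", CLASSIC_ONLY), ("option 3", OPTION_3)):
        for scope in ("mfrom", "pra"):
            print(f"{name:12} {scope:5} -> {catch_all_result(recs, scope)}")
```

With only the v=spf1 record published, a PRA check inherits the `-all` written for MAIL FROM; adding the spf2.0/pra record turns the PRA result into neutral while leaving the mfrom result unchanged.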