spf-discuss

RE: Council: The Meeting on 2005-02-29

2005-02-24 11:23:38
On Thu, 24 Feb 2005, Hallam-Baker, Phillip wrote:

> I believe that it is important to offer HELO^d^d^d^dPRA as an option because
> there are going to be people making that check, there is no way to stop them
> so we might as well ensure that everyone makes the same check.

True for SPFv2 - where the scope can be stated.  For SPFv1, where the
policy was defined to apply to MAIL FROM or HELO, using it to apply
to PRA *will* break much of the installed base.

The current task is completing the SPFv1 standard.  For SPFv2, there will
almost certainly be options for PRA scope, HELO scope, MAILFROM scope, and
probably additional synthetic scopes derived from rfc2822 headers to compete
with PRA.

> It is probably going to be necessary to use both DNS and cryptographic
> authentication in parallel. SPF has a curious feature that makes it
> practical for very large senders and very small senders. It gets really hard
> for medium sized enterprises to implement it however. We have a lot of
> infrastructure deployed that sends various email alerts as part of its
> normal function, this is spread over a huge number of co-locs in very
> complex ways. To make things worse a lot of the installations are NAT'd and
> firewalled.

Interesting.  

Some possible solutions: 

Why not assign a sub domain to each coloc?  

The NATing is irrelevant, since only the public address matters.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
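
Added example, not part of the original message or of any SPF implementation: a minimal MAIL FROM check showing the per-co-location subdomain layout suggested above, where each subdomain's record lists only that site's public (post-NAT) address. The domain names, addresses and the check_host helper are constructed for illustration, and only the ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed zone data: one subdomain per co-location site. Each record
# authorizes only the address the receiver will actually see, i.e. the
# site's public egress address after NAT, never the internal hosts.
ZONE = {
    "colo1.example.com": "v=spf1 ip4:192.0.2.10 -all",
    "colo2.example.com": "v=spf1 ip4:198.51.100.0/28 -all",
    "example.com": "v=spf1 ip4:203.0.113.5 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's record against the connecting IP.

    Simplified: looks up the constructed ZONE instead of DNS and skips
    every mechanism other than ip4 and all.
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            network = ipaddress.ip_network(term[4:], strict=False)
            if ip in network:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


if __name__ == "__main__":
    # An alert sent from colo2 arrives from that site's NAT egress range.
    print(check_host("198.51.100.7", "alerts@colo2.example.com"))
    # The same address claiming to be colo1 is rejected by colo1's record.
    print(check_host("198.51.100.7", "alerts@colo1.example.com"))
```
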

