On Sat, 26 Feb 2005, David MacQuigg wrote:
At 12:08 AM 2/26/2005 -0500, Stuart D. Gathman wrote:
Seriously, though, if the IETF came to you and said, were finalizing a
standard for email authentication in 30 days. We're going to pick just one
proposal of the many that are before us. What is your nomination?
SPF + SRS(opt) + SES(opt)
My nomination would include only three header items: The IP address, the
authenticated domain name, and the authentication result. Standardize
that, and you can debate the rest forever. The IP address is already
nailed down in RFC 2821. That leaves the only two items that anyone could
object to. Note: We don't need to debate the protocol for determining
which domain name to use. That can be protocol-specific. Details of
formats are too trivial for a debate. About the only thing I see that is
debatable is the authentication result. ( How many different levels of
SoftFail, etc.). As a last resort, if no agreement can be reached by day
29, then each protocol can use its own words, like SPF1(SoftFail).
Your email authentication proposal is probably fine, if I were to look at
it in detail. The reason I am dismissive is that you have not mentioned
anything that would make it functionally different from SPF + SRS.
SPF + SRS have been in production for over a year now, with over 200000
domains in the registry. Spammers are adopting it also (which is fine,
SPF is *NOT* a spam filter). There is no reason to study your proposal
unless you can convince me that it solves some problem that is
not addressed by SPF + SRS + SES. And if you *were* to identify such
feature, I would push to add your idea to SPFv2 or whatever, rather
than abandon the highly successful and effective SPF protocol for
your untried system. The problems you have identified with SPF have
not been with SPF itself, but with some implementors (e.g. pobox.com)
not actually checking it.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.