Re: Standard Authentication Query

Scott Kitterman wrote:
> > I'm leaning toward the better long-term solution.  I don't see the urgency
> > for deployment.  It will be a long time before the whole world is using
> > SPF.  I do see some urgency in responding to the DNS worries, and getting
> > this into the draft.
> "include:not.me" may be a kludge too, but the fact that it can be used now
> with no programs that need to be upgraded on anybody's mail servers is a
> huge advantage.  If you want to wait for the real deal, you wait may be very
> long.
David is clearly emphasizing the long term, as am I, while you're very 
concerned with the short term.
At this time, there are very few published records, and they are very 
expensive. That is of no consequence because they are low volume.
If we want SPF to stay at current adoption levels, I would say that 
neither mask method is worth the trouble.
But if the SPF adoption rises, I don't want SPF to become a monster that 
will die because of the expense, and take the DNS system with it.
A good analogy is... currently we can tolerate one or two Hummer 
drivers, but if everyone had one, we'd have to double-size all parking 
spots. And then we'd need double the parking, for the same population. 
The Hummer is an unsustainable aberration.
So is an expensive SPF technology.

But ask yourself the question... why are all these people on this 
mailing list ? It's because we believe in SPF, and in the fact that in 
the future it will be as omnipresent as SMTP itself. So what's your 
reservation in designing the protocol with that expectation in mind?
Why hack now, at the beginning of it all. I don't care what the 
naysayers say "if this was a year ago", etc. As long as SPF adoption 
rate is slower than the new domain names, and slower than it's ever 
been, that means it is dying. Refusing to improve SPF for the sake of 
getting the draft out the door is akin to killing it faster.


Radu.