-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of wayne
Sent: Monday, May 09, 2005 9:06 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] For SPF council review: NOT RECOMMENDED

In <x4br7kvagz(_dot_)fsf(_at_)footbone(_dot_)schlitt(_dot_)net> wayne
<wayne(_at_)schlitt(_dot_)net> writes:
In
<Pine(_dot_)LNX(_dot_)4(_dot_)62(_dot_)0505090119450(_dot_)26914(_at_)sokol(_dot_)elan(_dot_)net>
"william(at)elan.net" <william(_at_)elan(_dot_)net> writes:
--
Without explicit approval of record owner, checking other identities
against v=spf1 records is NOT RECOMMENDED, because there are cases
(e.g. Section 9.3) that are known to give incorrect results."
--
I like that. Along with the changes suggested by Julian (and others),
it now reads:
Julian and I talked this over on the #spf IRC channel, and came up
with this paragraph:
Without explicit approval of the record owner, checking other
identities against SPF version 1 records is NOT RECOMMENDED
because there are cases that are known to give incorrect
results. For example, most mailing lists rewrite the "MAIL
FROM" identity (see <xref target="mailing-lists"/>), but
some do not change any other identities in the message. The
scenario described in <xref target="forwarding"/>.1.2 is
another example. Documents that define other identities
should define the method for explicit approval.
As an alternative, we discussed defining an additional-scopes= modifier
to say which scopes, besides the implicit MAIL FROM and HELO scopes,
should be approved by the domain owner. In the end, we decided that
kicking the problem of defining "explicit approval" off on others would
be simpler and less constraining.
Comments welcome.
-wayne

Adding the without approval language takes care of uses like the AOL Dynamic
Sender list:
http://postmaster.aol.com/spf/about.html

They use SPF records less the PTR mechanism. Since you have to ask to be on
the list, I'd say explicit approval takes care of that.

BTW, this is a use that is compliant with your proposed wording that
wouldn't have been under the alternative I proposed (since they don't use
PTR, the result is not identical in all cases).

Scott K