-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Scott Kitterman wrote:
> Julian Mehnle wrote:
> > Can a mail setup that employs SPF be significantly worse,
> > security-wise, than a mail setup that doesn't? What kinds of security
> > implications do you mean? Those that put the entire system (or
> > significant parts thereof) at risk, or those that just cancel or
> > reduce the effectivity of SPF?
>
> I mean the macro example that Wayne gave where a forger could cause an
> error and get unknown instead of Fail in the classic spec.

So why is that a security problem? "unknown" is now "PermError", and I
doubt they will let the message pass on "PermError".

> I'm trying to find a reasonable way to solve the security concern that
> Wayne is rightly concerned about without scaring potential new adopters
> away.

If "not scaring away potential new adopters" is a top priority, we should
define an "ignore=(yes|no)" modifier (or "op=ignore", for Frank's sake) so
beginners can publish without _any_ potential negative effect whatsoever.
</sarcasm>

You see where this is going? We simply can't protect new adopters against
their own faults (what if they accidentally type "v=spf1 ... -all" instead
of "v=spf1 ... +all"?), and if they're going to be scared away by their
own errors, we can't (and shouldn't) help it.

If macros are so difficult to master, we should perhaps add a warning to
section 8, "Note: Like everything else in this specification, macros can
cause your mail to get rejected. Use them carefully and don't mix them
up!". ;-)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCgfBZwL7PKlBZWjsRAj2CAKDhacsc9GWKJaehRSJhoM4lE8iFKACg6pdI
3wekXbTpqp0jMpwf/bjZROg=
=/Zr0
-----END PGP SIGNATURE-----