spf-discuss

Re: Authentication vs. Authorization

2005-05-21 21:24:00
...... Original Message .......
On Sat, 21 May 2005 22:57:37 -0500 wayne <wayne(_at_)schlitt(_dot_)net> wrote:
In <200505211702(_dot_)55793(_dot_)bulk(_at_)mehnle(_dot_)net> Julian Mehnle <bulk(_at_)mehnle(_dot_)net> writes:

Bill Taroli wrote:
| 2.5.3.  Pass
| 
|    A "Pass" result means that the client is authorized to inject mail
|    with the given identity.  Further policy checks, such as reputation,
|    or black and/or white listing, can now proceed with confidence in the
|    identity.

Therefore I think we should adopt Scott Kitterman's proposal:

| 2.5.3.  Pass
|
|    [same as above]  The domain used in the given identity
|    accepts responsibility for messages from the client.  Further
|    identity base [same as above]

Wayne, what do you think?

I think that "accepts responsibility" is a loaded term that will scare
away people from publishing SPF records.  Does that mean that the
domain owner must accept all responsibility for any illegal, immoral or
unethical behavior that the MTA owner and/or user of that MTA may do?

Do you want to try and add a paragraph and a half qualifying just what
kinds of responsibilities the domain owner is accepting?

Is this kind of responsibility something that current SPF publishers
have already accepted?  If not, should we retroactively foist such
responsibility on them?


As much as I might like to increase the accountability of MTA owners,
I think this is a *REALLY* bad idea.   I confess that I didn't
initially see it this way, but it is something that, thinking about
it, just started to bug me.

I didn't mean it to be anything other than a clarification of the current 
situation.

Is ...is accountable... any better than ...accepts responsibility...?  All 
I'm trying to capture is the idea that if an MTA that I give a pass to 
sends out bad mail with my name on it, I shouldn't whine if that name ends 
up on an RBL or my reputation suffers.  So, before I give a pass, I better 
trust the MTA for real.

I don't think this is news.  The domain based RBL example's been on the 
spf.pobox.com site for a year.

Scott K

