In <200506021721(_dot_)j52HL7Oa068409(_at_)asarian-host(_dot_)net> Mark
<admin(_at_)asarian-host(_dot_)net> writes:
Roughly, there are two main positions:
1): If the cross-user forgery thing is the only issue that keeps us from
asserting authenticity, we should instead find a way to make it clear to
publishers that they must assume responsibility if they authorize an MTA.
Therefore, the following wording remains applicable:
"can now proceed with confidence in the identity".
2): Even if a publisher chooses to authorize an MTA patched to prevent
cross-user forgery, then, without adding to the spec, there is still no
way for a receiver to know this; so that "pass" can really only mean:
"can now proceed with confidence in the legitimate use of the
identity".
I am in the camp of people who think that SPF authorizes the use of a
domain name in a given context (HELO or MAIL FROM). I do not think
SPF can assert authenticity of the mail.
I also believe that we should try very hard not to change the
semantics of SPF from what was specified in the mengwong-spf-* drafts
unless we really need to. (e.g. to prevent DoS attacks, abuse of the
root name servers, to conform to implementations, etc.)
Finally, barring signed contracts between the sender and the receiver,
phrases like "the sender accepts the full burden of responsibility for
any abuse originating from authorized IP addresses" is really quite
meaningless. It doesn't sound meaningless and to senders it may sound
quite scary, but I really doubt that any responsibility could be held
up in court. While no one has suggested language that is as harsh as
I gave above, I think that venturing anywhere near the idea of
"accepting responsibility" will scare away some publishers, and do
nothing to actually hold abusive senders accountable.
I think there will always be a struggle over how to interpret the SPF
results. Receivers will push for more accountability and stricter
requirements. They will reject on Neutral/None, and try to hold
senders accountable for the smallest abuses from anything other than
Fail. Senders will try to maximize the chances that their messages
get delivered and try to avoid the really costly steps needed to make
sure abuse never happens.
If publishing a Neutral (or not publish SPF) means that too many
receivers will reject their emails, then Senders will move more toward
publishing Pass/Fail records. If rejecting on Neutral/None causes too
many useful emails to be lost, Receivers will give Senders more
slack.
I actually somewhat like of like the mengwong-spf-* definitions of Pass:
Pass (+): the message meets the publishing domain's definition of
legitimacy. MTAs proceed to apply local policy and MAY accept or
reject the message accordingly.
This is actually somewhat of a tautology. The Senders and Receivers
can argue all they want over what "legitimacy" means, with the market
place of email actually defining the results.
When I read that definition of Pass, I don't see it saying "authentic"
at all, but Julian does.
-wayne