spf-discuss

Re: This is ridiculous.

2005-06-06 03:16:38
In <009101c56a67$6e5272c0$6c62fea9(_at_)ibmrkydk2ufvdd> "John Glube" 
<jbglube(_at_)sympatico(_dot_)ca> writes:

I thought all this was clear when I made my initial post in
this thread. But since it seems at least one person was
confused, I am clarifying matters by way of a top post.

Thanks for clearing things up.  

As to what Wayne wrote on June 5, 2005 in this thread in
response to my post: 

|<snip>
|
|> Keep in mind the purpose of an experimental protocol:
|>
|> |The "Experimental" designation typically denotes a
|> |specification that is part of some research or development
|> |effort.
|
|Right, which doesn't describe the SPFv1 protocol that has
|been in use and largely unchanged since late 2003/early
|2004.

I believe the record shows there has been something like 6
draft protocols for v=spf1 since 2003, 

The question is not "how many draft specs have there been?" but "how
compatible are the draft specs with each other?"  Actually, the most
critical one is "is the final spec compatible with the install base?"

Yes, there have been many draft specs released, but the goal
since I took over editing was to make them as compatible as possible.
I have posted the list of changes between most of the specs, and a
great deal of the changes in the most recent ones have been due to
discovering incompatible changes were made during the MARID process
and they need to be fixed.


Since the last 2 protocols, senders are now being asked to
publish v=spf1 records for both the domain in the SMTP mail
From and the EHELO/HELO commands.

Yes, yes I know, the mantra is that publishing a v=spf1
record for the domain in the EHELO/HELO command was always
part of v=spf1. However, since my involvement in June,
2004, I don't recall any emphasis being placed on
publishing a record for the domain used in the EHELO/HELO
command until October/November 2004.

I once went back and investigated the subject of the optional HELO
checking in SPF.  There were a lot of people who wanted it back in the
summer of 2003, and people kept asking for it after the "frozen" spec
in Dec 2003.  Hector is almost certainly the one who actually managed
to convince Meng to change the spec in early 2004, but he wasn't the
first or only person to try.

As I have said many times, the SPF wizard that Meng created back in
2003 recommended publishing SPF records for the HELO domain and would
generate them for you, just like the SPF record for the MAIL FROM
domain.  I bet if you use archive.org you would be able to verify this.


What happened was that during MARID, the emphasis on HELO checking via
SPF was not mentioned much (although it was mentioned).  There were
two primary reasons for this.  First, when CallerID and SPF were
merged after the MARID interim meeting, MS *REALLY* didn't want to do
HELO checking, so all references to it were dropped in SenderID.
Secondly, the workgroup chairs said we were supposed to focus on
SenderID and we would deal with the other identities later.  As a
result, discussions of SPF's MAIL FROM and HELO checking didn't come
up very often, but the CSV folks kept bringing up their system.



As such, looking at the record in its entirety, I must
strongly disagree with your statement and no, I am not
going to go through the record at this time and dig up
every relevant statement.

Well, um, I'm not sure what to say.  I *have* gone and dug up the relevant
statements, and I *was* there throughout, not just since June 2004.
If you don't believe what I tell you, and you won't investigate things
yourself, then I guess we will just have to agree to disagree.



Having said this, I appreciate the acknowledgement that: 

<snip>

|Even if we do come up with something new to address the
|problems with SPFv1, I don't see the deployment of SPFv1
|ending any time in the near future.

<snip>

The acknowledgement that there are "problems with SPFv1" is
the strongest reason for keeping v=spf1 as an experimental
protocol. 

Why? So that those who use this protocol will understand it
is an experiment and so subject to change.

By that logic, almost every protocol on the internet is
"experimental".   I mean, the whole idea of the various sender
verification checks is to fix known problems with SMTP.


-wayne