spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Andy Newton says: FTC Dismisses SPF

2005-06-23 17:13:19
from [william(at)elan.net] [Permanent Link] 

On Thu, 23 Jun 2005, wayne wrote:


In <x41x6swxni(_dot_)fsf(_at_)footbone(_dot_)schlitt(_dot_)net> wayne 
<wayne(_at_)schlitt(_dot_)net> writes:


Andy Newton just posted a blog entry that I think people will find
intersting:
http://hxr.us/blojsom/blog/grumpops/computers/anti-spam/

The FTC is not interested in getting feedback about SPF, just
SenderID, CSV ('vaporware'), Domainkeys (on hold due to merger with
IIM), IIM (see DK), and BATV ('vaporware').


Actually, reading the FTC webpage a little closer, it appears things
are a little more open ended than Andy implied:

  The proponents of these five standards and *all other members of the
  public who are testing domain-level authentication standards* are
  invited to submit their testing results to the FTC and to help
  identify domain-level authentication standards that aid the fight
  against spam and phishing, are inexpensive and simple to implement,
  and do not negatively impact the e-mail system.

The "all other members of the public who are testing domain-level
authentication standards" is important.  This is a little ambiguous
because it could mean that people who are not proponents of the 5
systems can also add comments on only those 5 systems, but I suspect
not.

Anyway, I think it would be very good of the SPF community to start
collecting the data and answering the questions that the FTC is asking
about.


The first thing you need to do is provide FTC a copy of the press-release
by SPF Council that says that SPF should NOT be viewed as being part of Sender-ID. That would help them distinguish between v=spf1 MAIL FROM 
and v=spf1 HELO test and SPF2.0/PRA tests so they don't ask about SPF
MAIL FROM in the way they did below:

https://secure.commentworks.com/FTC-EmailAuthenticationQuestionnaire/Questionnaire.pdf

| 17. If you have tested or plan to test Sender ID, did you check or will
|     you check both Purported Responsible Address (.PRA.) and .MAIL FROM?.
| 18. If you have not checked the PRA records and will not in the future, | why not? | 19. Are you planning to test additional standards? If so, when and which | ones? 

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IESG update, william(at)elan.net
Next by Date:  Re: DM News says: MSN requires Sender ID Authentication, Hector Santos
Previous by Thread:  Re: Andy Newton says: FTC Dismisses SPF, wayne
Next by Thread:  Re: Andy Newton says: FTC Dismisses SPF, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]