spf-discuss

Re: DM News says: MSN requires Sender ID Authentication

2005-06-25 02:37:03
From: "Ralf Doeblitz" <list+spf-discuss(_at_)doeblitz(_dot_)net>

Not sure why you posted this?

Because RFC822 *is* the current standard while RFC2822 is
just a proposed standard that will replace RFC822 sometime.

Technically yes, but ....

If you were writing an SMTP system today, which would you use?

Adherence to RFC822 with provisions for extensions of RFC2822
and easy switchover.

That's easy to say.  Try to actually implement the design considerations when
writing your software.   You are using SendMail.  What options does it have
for this?

Of course, these are open-ended questions without specific considerations in
mind.

I think you will have a lot of false positives with
a strict RFC822.

(after all, you cannot expect every system to be able to cope
with extensions that are not yet a real Internet Standard).

I agree. But that still doesn't relate to the issue.  If you are an AUTHOR
and wish to be competitive and on top of things, then you need to go with
the flow.    You can remain backward compatible,  so in regards to a
specific consideration, given two submissions:

One with RFC 822 compliance in mind:

    Date:
    From:
    To:

and one with only RFC 2822 compliance in mind:

    Date:
    From:

How you are going to deal with this?   If you are a legacy conservative
822/821 system how will you handle it?

I have a hard fail for winserver.com.  Why did you continue
to accept it?

Legal reasons. The receiving system can not (yet) be configured to reject
mail for certain recipients while using tagging only (or even no SPF at
all) for other recipients. So I'm stuck with tagging for a while longer as
filtering without the recipient ordering it would be illegal here in
Germany. Splitting the MXes and using SMTP rejects has a high priority but
still gets postponed by more important work (as the customer defines ...)
quite often. Sigh.

In other words,  you mean you have a POST SMTP implementation of SPF?   <g>

You must get a lot of spam! <g>

About 1500 to 2000 per day just to my personal system.

Geez, I don't know what to say. <g> I mean,  why do you allow it?  Do you
mean you reject this amount or this is the amount that goes into your junk box?

This is my view, trust me that this is not a personal shot at you, please
believe that.    As long as systems like you exist,  the SPAM will continue
to lick their chops.    You need to REJECT transactions before they will
squirm and try to adapt.  But as long as you are receiving the mail, when in
fact, in the case of SPF and WINSERVER.COM and it told you to reject it,
the SPAM will continue because as far as they are concerned, the job of
delivering the mail was completed.  What happens after that is just icing on
the cake.

What you are doing is causing harm to my domain.  When a spammer uses on
your system, and you accept the mail,  then you are feeding or adding weight
to their email distribution list as a "valid" address to use on other
systems that may not be using SPF.

It seems that you are using a POST SMTP system, a conservative concept,
which we still most support in our 20+ years package as well, but this is
old technology and doesn't fit well with new email
authentication/authorization ideas.

So I understand 100% where you are going from. :-)   Trust me, I do. I still
got sysops thinking they are using UUCP <g>.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
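
The two submissions compared in the message above, as an added example that is not part of the original post: a Python check of the required header fields under RFC 822 (Date, From and at least one destination field) and RFC 2822 (Date and From only), showing where a strict RFC 822 receiver turns away mail that RFC 2822 permits. The sample messages, addresses and function names are constructed for illustration.

```python
from email import message_from_string

# Required fields as the two RFCs define them:
#   RFC 822 (4.1):  Date, From, and at least one of To / Cc / Bcc
#   RFC 2822 (3.6): only Date (orig-date) and From
DESTINATION_FIELDS = ("To", "Cc", "Bcc")

def present(msg, name):
    """True when the header exists and carries a non-empty value."""
    value = msg.get(name)
    return value is not None and value.strip() != ""

def missing_fields(raw_message):
    """Return (missing under RFC 822, missing under RFC 2822)."""
    msg = message_from_string(raw_message)
    missing_2822 = [n for n in ("Date", "From") if not present(msg, n)]
    missing_822 = list(missing_2822)
    if not any(present(msg, n) for n in DESTINATION_FIELDS):
        missing_822.append("To/Cc/Bcc")
    return missing_822, missing_2822

def disposition(raw_message, strict_822):
    """Hypothetical receiver policy: reject on missing required fields."""
    missing_822, missing_2822 = missing_fields(raw_message)
    if missing_2822:
        return "reject"            # invalid under both standards
    if missing_822 and strict_822:
        return "reject"            # valid RFC 2822 mail lost to a strict 822 check
    return "accept"

# Constructed sample submissions (addresses are placeholders).
WITH_TO = ("Date: Sat, 25 Jun 2005 02:37:03 +0000\n"
           "From: sender@example.org\n"
           "To: rcpt@example.net\n\nbody\n")
WITHOUT_TO = ("Date: Sat, 25 Jun 2005 02:37:03 +0000\n"
              "From: sender@example.org\n\nbody\n")
NO_DATE = "From: sender@example.org\n\nbody\n"

if __name__ == "__main__":
    for label, raw in (("822-style", WITH_TO), ("2822-only", WITHOUT_TO),
                       ("no Date", NO_DATE)):
        print(label, missing_fields(raw),
              "strict:", disposition(raw, True),
              "lenient:", disposition(raw, False))
```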



