spf-discuss

Re: Re: Any actions coming in regards to approval of SID drafts for RFC and their IETF "approved" reuse of v=spf1 records ?

2005-08-21 19:45:09
In <4308A8BC(_dot_)5B19(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann 
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:

3.1
State that v=spf1 is deployed since early 2004 (or even say
late 2003, but that's shaky) with an unknown but huge number
of published policies, last estimate by MS 750,000 at <date>
(whenever it was, IIRC late 2004 shortly after the demise of
 MARID).

As I mentioned in the SPF council meeting:

23:44 <grumpy> fyi; my survey of all .com/.net/.org domains as
      of last Aug showed 650k publish SPF records. That was before MS was
      really pushing SPF records.


The actual survey was done around 2004/09/21, which is September, not
August.

This *may* be of some help trying to pin down how many SPF records
were published under the draft-mengwong-spf-0[01] semantics.

I did some other surveys earlier on, but they were for a list of email
addresses used by spammers, rather than all .com/.net/.org domains.  I
posted them to the MARID list, usually with a subject line that
included "survey".  They may also be of some help in guesstimating how
many records were published under SPF-classic semantics.



3.2
PRA and MAIL FROM are different in at least 4 cases:
- mailing list without its own PRA Sender (e.g. Sympa / Yahoo),
  actually any mailing list behaving as specified in 2821 x.y
  or 1123 5.3.6 b (check the sections) would cause MAIL FROM !=
  PRA and not work with v=spf1.   (Don't mention that it also
  won't work with spf2.0/pra, that's not our problem)
- mail submission (MSA) implementing 2476bis 6.1 but not 8.1,
  and a MUA not adding a missing Sender on the fly
- news submission to the moderator of a newsgroup by the news
  server if it's done by as normal "forward".
- empty Return-Path (the MAIL FROM identity is then determined
  by the HELO, pointer to a section of draft-schlitt)

There are also cases where a company has outsourced some of their
email to an ESP and that ESP handles the bounces.  These emails will
work under the SPF-classic semantics, but not under the PRA without
the ESPs and/or domain owners changing stuff.  This is the "Margaret
Olson Objection", and one that Harry Katz expressed some concerns
about at the Email Auth Summit.


Personally, I think the re-use of the Resent-* headers is abusive.
The PRA could just as easily have used a new header since (almost?) no
forwarders have ever used the Resent-* headers.


-wayne
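
The following is an added example, not part of the original message: a Python sketch of how the identity a v=spf1 check evaluates (MAIL FROM, falling back to HELO when the return path is empty) diverges from the PRA in the mailing-list, ESP, empty-Return-Path and Resent-* cases discussed above. The PRA selection follows RFC 4407 in simplified form; the function names are hypothetical and all addresses and messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

def pra(raw):
    """Purported Responsible Address per RFC 4407, simplified: the step-1
    check on Received/Return-Path ordering between Resent-* headers is skipped.
    Returns None when the message is ill-formed for PRA purposes."""
    msg = message_from_string(raw)
    def nonempty(name):
        return [v for v in msg.get_all(name, []) if v.strip()]
    selected = None
    for name in ("Resent-Sender", "Resent-From"):   # first non-empty wins
        vals = nonempty(name)
        if vals:
            selected = vals[0]
            break
    if selected is None:
        for name in ("Sender", "From"):             # must be exactly one
            vals = nonempty(name)
            if len(vals) > 1:
                return None
            if vals:
                selected = vals[0]
                break
    if selected is None:
        return None
    addrs = getaddresses([selected])
    if len(addrs) != 1 or "@" not in addrs[0][1]:   # exactly one mailbox
        return None
    return addrs[0][1].lower()

def checked_domains(mail_from, helo, raw):
    """(domain a v=spf1 check evaluates, domain a PRA check evaluates)."""
    spf = mail_from.rsplit("@", 1)[1].lower() if mail_from else helo.lower()
    p = pra(raw)
    return spf, (p.rsplit("@", 1)[1] if p else None)

# Constructed sample messages (not taken from the thread).
LIST_MSG = "From: Alice <alice@author.example>\nSubject: hi\n\nbody\n"
ESP_MSG = "From: News <news@company.example>\nSubject: offer\n\nbody\n"
FWD_MSG = "Resent-From: bob@forwarder.example\n" + LIST_MSG

if __name__ == "__main__":
    for env, helo, m in [("list-bounces@lists.example", "mx.lists.example", LIST_MSG),
                         ("bounce-1@esp.example", "out.esp.example", ESP_MSG),
                         ("", "mx.relay.example", LIST_MSG),
                         ("alice@author.example", "mx.forwarder.example", FWD_MSG)]:
        print(repr(env), checked_domains(env, helo, m))
```

In the first three cases the two checks look up policies for different domains, so a record published with only MAIL FROM in mind says nothing reliable about the PRA result.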