In <4308A8BC(_dot_)5B19(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:
3.1
State that v=spf1 is deployed since early 2004 (or even say
late 2003, but that's shaky) with an unknown but huge number
of published policies, last estimate by MS 750,000 at <date>
(whenever it was, IIRC late 2004 shortly after the demise of
MARID).
As I mentioned in the SPF council meeting:
23:44 <grumpy> fyi; my surveyof all .com/.net/.org domains as
of last Aug showed 650k publish SPF records. That was before MS was
really pushing SPF records.
The actual survey was done around 2004/09/21, which is September, not
August.
This *may* be of some help trying to pin down how many SPF records
were published under the draft-mengwong-spf-0[01] semantics.
I did some other surveys earlier on, but they were for a list of email
addresses used by spammers, rather than all .com/.net/.org domains. I
posted them to the MARID list, usually with a subject line that
included "survey". They may also be of some help in guestimating how
many records were published under SPF-classic semantics.
3.2
PRA and MAIL FROM are different in at least 4 cases:
- mailing list without its own PRA Sender (e.g. Sympa / Yahoo),
actually any mailing list behaving as specified in 2821 x.y
or 1123 5.3.6 b (check the sections) would cause MAIL FROM !=
PRA and not work with v=spf1. (Don't mention that it also
won't work with spf2.0/pra, that's not our problem)
- mail submission (MSA) implementing 2476bis 6.1 but not 8.1,
and a MUA not adding a missing Sender on the fly
- news submission to the moderator of a newsgroup by the news
server if it's done by as normal "forward".
- empty Return-Path (the MAIL FROM identity is then determined
by the HELO, pointer to a section of draft-schlitt)
There are also cases where a company has outsources some of their
email to an ESP and that ESP handles the bounces. These emails will
work under the SPF-classic semantics, but not under the PRA without
the ESPs and/or domain owners changing stuff. This is the "Margaret
Olson Objection", and one that Harry Katz expressed some concerns
about at the Email Auth Summit.
Personally, I think the re-use of the Resent-* headers is abusive.
The PRA could just as easily have used a new header since (almost?) no
forwarders have ever used the Resent-* headers.
-wayne