From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>
Just like Relaxed provisions in SPF can create spoofers,
We could update that in v=spf1.1: + HARDPASS, ? SOFTPASS,
~ TESTFAIL, - HARDFAIL, default -all. With a definition
for "HARDPASS" in the direction of op=auth. Just an idea.
Possibly. I would to think about this more.
Don't get me wrong. SPF is fine. It is what it is. I am actually thinking
that DKIM can be used to solve the SPF forwarding problem. This might allow
systems who need a NEUTRAL to continue to use it, as long as they DKIM the
message. For a system that uses a NEUTRAL, it is going to be further tested
anyway. A DKIM signed message could resolve a NEUTRAL result because of
forwarding.
DKIM exclusive policies can solve the same problem without
the FORWARDING issue.
Trading it for a mailing list issue. I hope the DKIM list
finds a robust FWS-canonicalization, it's no rocket science.
Yeah, thats a big one.
Even if a mailing list resigns, it may break the original domain signing
policy. It raises the issue that the user might be prevented from submitting a
signed message into a list or even that a user might have to use a different
domain that is for signing purposes if its going to be invalidated all the
time. Thats a big change for users.
It is all pretty simple :-)
Maybe. I still don't get the idea of "no signing policy =>
everybody can sign what he likes", is that another "opt-out"
stunt ?
It sounds like it. No doubt, DKIM is being considered by the DMA.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com