
Re: [spf-discuss] Question on a unified policy record approach

2005-09-01 10:26:58
On Thu, 1 Sep 2005, Kurt Andersen wrote:

> As the postmaster of a fairly large company, I've been somewhat
> frustrated by the balkanization of the different email auth
> groups.
>
> Is there any current work underway toward a "unified" or extensible
> policy mechanism that would allow current (and future) auth
> mechanisms to coexist?  I gather that the spf3 project is somewhat
> moribund from the lack of web activity since its proposal during
> MARID.

Most of the systems coexist just fine.  And for the most part, they
are not redundant either, since they validate different identities,
or

System          Identity                                        Method Type
CSA (CSV)       HELO                                            Connect IP
SPF             MFROM,HELO                                      Connect IP
SID             PRA (Patented synthetic rfc2822 identity)       Connect IP
DKIM            Most RFC2822 headers                            Crypto (PK)
SES             MFROM, Most RFC2822 headers                     Crypto (MD5)

Yes, it would be nice to have a unified syntax for the whole lot, but the
current situation lets each system get the kinks out independently.

The only project not playing nice with the others (technically that is,
they all have members who enjoy dissing other projects) is Microsoft
Sender-ID (by reusing the incompatible v=spf1 policies for PRA).

Personally, I want my MTA to have *all* of the above available.
I can tune for a particular situation (e.g. turn off DKIM to avoid
CPU cost, disable PRA to avoid patent license).

I have adding CSV/CSA support to pymilter on my TODO list.  Sure, it
is not as widely deployed, but if the info is available, why not use it?

I think CSV/CSA policies could be translated to spf2.0/helo records
without loss of information (but not v=spf1 since that would imply
an MFROM policy as well).  And SPF policies could be published as
spf2.0/mfrom,helo.  So all your connect IP method types are already unified
with spf2.0.  But MTAs must continue to read the old formats for
backward compatibility.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
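The scope selection the reply describes (spf2.0/<scopes> records, v=spf1 implying an MFROM plus HELO policy but saying nothing about PRA), as an added example that is not part of the original post. The function names, the precedence rule (an explicit spf2.0 scope wins over a v=spf1 fallback), the reduction of a CSA assertion to a list of authorized host names, and the TXT records are assumptions constructed for illustration.

```python
import re

# Matches "spf2.0/<scope>[,<scope>...]" followed by whitespace or end of record.
SCOPE_RE = re.compile(r"^spf2\.0/([a-z,]+)(?:\s|$)")


def record_scopes(record):
    """Return the set of identity scopes a TXT record applies to,
    or None if the record is not a policy record at all."""
    if record.startswith("v=spf1"):
        # As the post notes, v=spf1 carries an MFROM policy and implies a
        # HELO policy; it does not speak about the PRA identity.
        return {"mfrom", "helo"}
    m = SCOPE_RE.match(record)
    if m:
        return set(m.group(1).split(","))
    return None


def select_policy(txt_records, scope):
    """Pick the record to evaluate for `scope` (assumed rule: a record with an
    explicit spf2.0 scope wins; v=spf1 is only a fallback for mfrom/helo)."""
    fallback = None
    for rec in txt_records:
        scopes = record_scopes(rec)
        if scopes is None or scope not in scopes:
            continue
        if rec.startswith("spf2.0/"):
            return rec
        fallback = fallback or rec
    return fallback


def helo_record_from_hosts(authorized_hosts):
    """Express a CSA/CSV-style 'these hosts may use this HELO name' assertion
    as an spf2.0/helo record (assumed simplification: one a: mechanism per
    authorized host name, everything else rejected)."""
    mechs = " ".join(f"a:{h}" for h in authorized_hosts)
    return f"spf2.0/helo {mechs} -all"


if __name__ == "__main__":
    # Constructed sample records for one domain.
    records = ["v=spf1 ip4:192.0.2.0/24 -all", "spf2.0/pra ip4:192.0.2.10 -all"]
    for scope in ("mfrom", "helo", "pra"):
        print(scope, "->", select_policy(records, scope))
    print(helo_record_from_hosts(["mail.example.com"]))
```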
