spf-discuss
[Top] [All Lists]

[spf-discuss] Re: Successes and failures of the SPF project in 2005

2006-01-11 12:11:46
wayne wrote:

This is not true.  As Dick St. Peters correctly points out,
this is defined in the SenderID specs.  Go read the drafts.

| This document only defines the existence of two scopes: "mfrom" and
| "pra".  The details of these two scopes are defined in other
| documents: "mfrom" is defined in [SPF], "pra" is defined in [PRA].

That [SPF] is draft-schlitt-spf-classic.  But there's nothing
about a "spf2.0/mfrom" in your draft.  They've simply copied
this from the MARID draft and replaced the old marid-mfrom
reference by [SPF].

Sloppy.  It never had the vetting and last calls like your
stuff, they were never interested in any details like subtle
HELO issues not limited to %{h}.

What they've done is no specification, it's the postulation
of a specification for anything not relevant for PRA...

| Other scopes may be defined by future documents only.

...like separate helo or not, that's irrelavant from their
POV, they do 2822, not SMTP.  I certainly agree that the
postulated "mfrom" stuff _should_ be what [SPF] is, incl.
MAY (now SHOULD) HELO and %[h].

But from an spf2.0 POV that has to be stated somewhere, and
it would have positional modifiers, because that's in fact
specified in lyon-sederid-core:

| This section replaces section 4.6.3 of [SPF] and adds the
| concept of positional modifiers.

If you'd think that your document already is the "mfrom"
specification, how comes that folks like Dick or the MAAWG
still have doubts about HELO ?

They didn't do a very good job of it, but it mostly works.

We're in violent agreement about this, but some others are
apparently not so sure that mfrom = spf1 + pos. mod.

in practice, people *do* use their email address as their
HELO domain.

So what ?  If they are happy with the same SPF policy record
that's fine,  And otherwise they'd use names mail.example.com
for the HELO to separate it from a MAIL FROM user(_at_)example(_dot_)com(_dot_)

Hotmail, for example, uses hotmail.com for it's helo domain.

TTBOMK unusual.  Sometimes I do look into timestamp lines.
Even spammers try smtp.xyzzy.claranet.de (plain nonsense of
course).

(1) Where does the number "1,700,000 domains" come from ?
See: http://www.openspf.org/services.html

Yes, I saw that, but IIRC there's no source for this claim.
Better add a pointer with an explanation.  After the old
infinitepenguins list said that about half of the population
of Luxemburg has a SPF policy I'm very cautious with any
"pardon our dust" crap.

If you ran a survey you could post it in "announce" getting
automagically a link and a date for references elsewhere.

                           Bye, Frank


-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>