wayne wrote:
This is not true. As Dick St. Peters correctly points out,
this is defined in the SenderID specs. Go read the drafts.
| This document only defines the existence of two scopes: "mfrom" and
| "pra". The details of these two scopes are defined in other
| documents: "mfrom" is defined in [SPF], "pra" is defined in [PRA].
That [SPF] is draft-schlitt-spf-classic. But there's nothing
about a "spf2.0/mfrom" in your draft. They've simply copied
this from the MARID draft and replaced the old marid-mfrom
reference by [SPF].
Sloppy. It never had the vetting and last calls like your
stuff, they were never interested in any details like subtle
HELO issues not limited to %{h}.
What they've done is no specification, it's the postulation
of a specification for anything not relevant for PRA...
| Other scopes may be defined by future documents only.
...like separate helo or not, that's irrelavant from their
POV, they do 2822, not SMTP. I certainly agree that the
postulated "mfrom" stuff _should_ be what [SPF] is, incl.
MAY (now SHOULD) HELO and %[h].
But from an spf2.0 POV that has to be stated somewhere, and
it would have positional modifiers, because that's in fact
specified in lyon-sederid-core:
| This section replaces section 4.6.3 of [SPF] and adds the
| concept of positional modifiers.
If you'd think that your document already is the "mfrom"
specification, how comes that folks like Dick or the MAAWG
still have doubts about HELO ?
They didn't do a very good job of it, but it mostly works.
We're in violent agreement about this, but some others are
apparently not so sure that mfrom = spf1 + pos. mod.
in practice, people *do* use their email address as their
HELO domain.
So what ? If they are happy with the same SPF policy record
that's fine, And otherwise they'd use names mail.example.com
for the HELO to separate it from a MAIL FROM user(_at_)example(_dot_)com(_dot_)
Hotmail, for example, uses hotmail.com for it's helo domain.
TTBOMK unusual. Sometimes I do look into timestamp lines.
Even spammers try smtp.xyzzy.claranet.de (plain nonsense of
course).
(1) Where does the number "1,700,000 domains" come from ?
See: http://www.openspf.org/services.html
Yes, I saw that, but IIRC there's no source for this claim.
Better add a pointer with an explanation. After the old
infinitepenguins list said that about half of the population
of Luxemburg has a SPF policy I'm very cautious with any
"pardon our dust" crap.
If you ran a survey you could post it in "announce" getting
automagically a link and a date for references elsewhere.
Bye, Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com