Nick Nicholas wrote:
Habeas, and Bonded Sender
SpamCop also considers IADB for accreditation (only the WL
part, not the "withdrawn accreditaion database" WADB part)
That's relevant for SPF, because IADB has (or used to have)
a flag for "SPF" among others like Habeas and Bonded Sender.
Then there is the SIQ group working on reputation
Also relevant for SPF, because "query FQDN + IP + scope"
and "get value 0..100" might be a nice way to integrate
various schemes behind a common SIQ-interface.
I don't see how SIQ could help with DKIM at the moment.
Other lose ends might be the former "gossip", or similar
efforts in the 'blogosphere', and OPES for SMTP (I've no
idea what they actually do).
One potentially interesting RfC is 4356 about MMS - SMTP
gateways. Speed reading it once I think that they use a
MAIL FROM == ( 2822-From or Resent-From ) concept.
Keeping track of the lose ends is difficult, e.g. the IMA
(I18N mail) idea of (simplified) "allow to use UTF-8 in
the local parts" would need an explanation how that still
works with SPF's %{l} for per user sender policies.
Future SPF documents should also have a reference to 4343,
like 4356 published the day before yesterday.
is this within the scope of SPF-oriented efforts?
After Stephen translated Doug's objections against SSP to
plain text in the DKIM WG I think we could use that also
as input for "anything 'IAR' based on (among others) SPF":
http://permalink.gmane.org/gmane.ietf.dkim/1742
SPF is pretty clear about the HARDPASS issue, but so far
one solution op=auth isn't officially acknowledged. Some
senders therefore use NEUTRAL, where they trigger Doug's
alarms about "open-ended" (his terminology) policies.
I'm not too much concerned about reputation services doing
stupid things, we even have a MUST about NEUTRAL == NONE.
Nevertheless it's something to watch, and the "unofficial"
section 3.4 in draft-spf-6-3-options won't help as long as
it's only unofficial and probably not even referenced from
the SPF web site.
do you really think the time has come for those working on
SPF to begin devoting attention to the reputation aspect?
I'd say yes, waiting that CSV flies, or that DKIM turns out
to be a FUSSP (of course it's not) obsoleting SPF makes no
sense. We could offer help for those who want to build such
systems (like SIQ) integrating SPF as one input source.
I would dearly love to talk about reputation services, and
I'm delighted that you think it is a topic worth discussing.
I just question whether this is the right time and place to
do so.
In practice all we need might be some URLs on the Web site
at this time. Not limited to IADB and SIQ.
Bye, Frank
P.S.: the link to Phil's old IAR draft was in the article
http://purl.net/xyzzy/home/test/draft-hallambaker-accreditation-00.TXT
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com