Until recently, I thought that it didn't matter what localpart signing
format is used. After all, the signature is only used/checked by
the same MTA (or cluster) that created it. However, I have
been using an auto-whitelisting technique in conjunction with
domains with SPF pass (actual or guessed) as part of spam abatement.
The auto-whitelisting whitelists addresses that local users send to.
This is spoiled by local part signing, unless I can extract the
address that a local user would use to send/reply.
Thus, while the actual signature format can be application specific,
there needs to be a standard for how to extract the original localpart.
The SRS/SES plan is simple, the original localpart is everything after
the last '='. Recognizing whether the localpart is, in fact, signed
is not that critical, since the policy can simply compare both
before and after extraction.
However, there seem to be a number of localpart coding schemes that do not
follow the SRS/SES plan.
1) What are the common localpart coding schemes other than SRS and SES?
2) How many different markers for the original localpart are there
(that we know about)?
3) Should establishing a standard separator for localpart signing
prefixes be a future goal of SPF (after current RFC, yada, yada)?
Or is it too far off topic? It seems too trivial to have its own
RFC. Where should such a standard go?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com