On Mon, 22 Jan 2007, Alex van den Bogaerdt wrote:
On Sun, Jan 21, 2007 at 07:47:25PM -0500, Stuart D. Gathman wrote:
If the SPF result is pass based on MAIL FROM when it should be, it isn't
really
our problem if SID gets the wrong result. (Except that evil and clueless
people will blame the wrong result on "SPF", I know.)
It becomes our problem as soon as we stamp an OK on an implementation.
We are only certifying the SPF result. We don't currently have a test
suite for SID results. So we can't currently certify SID implementations
(and I'm not sure we want to). The problem you are worried about is an
incorrect SID result, not an incorrect SPF result. While evil and stupid
people *will* confuse SID results with SPF results, we are not
certifying SID results.
Note, that a similar situation exists with "Guessed" SPF results. Such
heuristics are useful (and I use them), but it is important that they are not
labelled as official SPF results, or put into a Received-SPF header.
Yet, the test suite does not cover this - and I can't think of a good
way to have it do so. I can check the Received-SPF output of a
library (and do so for pyspf), but I can't check whether an application puts
other results (SID, best guess SPF) in instead at runtime.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735