-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alex van den Bogaerdt wrote:
Especially if the application mumbles something like "Rejected due to
SPF" it does not deserve the stamp, no matter which other protocols are
also in that application.
I tend to agree with Alex.
The compliance seal should be about more than just passing the test suite.
It should be about conforming to RFC 4408 (which is also what the logo
says).
RFC 4408 2.4/2 says:
| Without explicit approval of the domain owner, checking other
| identities against SPF version 1 records is NOT RECOMMENDED because
| there are cases that are known to give incorrect results. [...]
RFC 2119 says:
| 4. SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that
| there may exist valid reasons in particular circumstances when the
| particular behavior is acceptable or even useful, but the full
| implications should be understood and the case carefully weighed
| before implementing any behavior described with this label.
I don't think Sender ID can be generally considered a "particular
circumstance".
Thus I'd consider a S-ID implementation that also passes the RFC 4408 test
suite to be incompliant with RFC 4408.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFtCU/wL7PKlBZWjsRArukAJ9pGTk0mkOEf3JDRcuUeCxqxV2s3QCg96Oh
3OxXADgjiyWhcgPlv69TeP0=
=KCTH
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735