> As the AD who sponsored this work, I have to disagree. ... > The recent interim meeting resulted in an agreement to work on > a converged spec taking ideas from SPF and Caller-ID. Why? These are latecomers to the field. Or is it because of this: <http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=21100498> Microsoft To Merge Caller ID With SPF Anti-Spam Scheme Microsoft on Tuesday agreed to blend its Caller ID for E-mail anti-spam proposal with another of the leading domain authentication schemes, Sender Policy Framework (SPF). The company reached the agreement with Meng Wong, the author of SPF, to merge the two proposals into one specification that will be presented to the Internet Engineering Task Force (IETF) standards body in June. ... > I do believe there are some tractable pieces here we can pull > off of the problem and solve, and I believe the working group > is committed to that task, no matter who proposes the solution. I think the working group is committed to the appearance of relevance, and now that there's a moving juggernaut, it's become important to get out in front of it somehow and appear to be leading. From [ibid]: Both Caller ID, which Microsoft chairman Bill Gates first touted in February, and Wong's SPF would confirm the sender's domain. ... "We're pleased to see Microsoft and the SPF community working together on a unified specification," said Andrew Newton, co-chair of the IETF working group that handles domain identification issues, in a statement. If there's a more blatant example of rubber stamping in the history of IETF, then I hope a better historian than I can share the archives with me. Right now there's an elephant in the room with us and it's called "fully verified opt-in" and this elephant is somehow invisible. Microsoft has been doing verification for years now, so it's not as if they would increase their costs or lose revenue if they just came out and told the world to do the same. Even Yahoo recently sent me a verify-o-gram, so the tide is turning. But still, the elephant remains invisible, and we have a federal anti-spam law that allows unverified opt-out. It's as though we want to stop forgery and make everybody run nonexecutable stack segments in XP to prevent a bazillion bots from relaying spam to us, so as to prevent "wild spam" and yet, by dint of ignoring the invisible elephant, ensuring that it will always be possible for "reputable" companies to spam like crazy. Which always made sense to me during the years when Microsoft wasn't doing verification, but it doesn't make any sense to me any more. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf