IESG intends to publish conflicting RfCs causing loss of legit e-mails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, found in

<http://mid.gmane.org/p0621020bbed3921e8366@%5B129.46.227.161%5D>

The IESG intends to forward the SPF draft, along with the
Sender-ID drafts to the RFC Editor as Experimental RFCs.

The SPF draft says:

| Without explicit approval of the domain owner, checking other
| identities against SPF version 1 records is NOT RECOMMENDED
| because there are cases that are known to give incorrect
| results.

In other words this doesn't work without explicit consent.  The
outcome in one application (known a post-SMTP check, again NOT
RECOMMENDED) will be bogus FAIL or PASS results, leading either
to the deletion of legit mail, or to unwarranted trusted in
phishing attempts.  One of the "Sender-ID experiments" states:

| Sender ID implementations SHOULD interpret the version prefix "v=spf1"
| as equivalent to "spf2.0/mfrom,pra", provided no record starting with
| "spf2.0" exists.

This is known to cause havoc.  There are literally hundreds of
articles pointing this out again and again since 2005-08.  The
activities of Mr. Hardie in this case should be scrutinized by
an indepedent body,
                         Regards, F.Ellermann



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]