Hi Frank, This is one of the issues that the IESG believes is at the heart of concerns about using them in tandem. Your message highlights, though, that one of the statements in the IESG note got dropped accidentally. The original said: "the IESG believes that documenting the different approaches does less harm than not documenting them." I'll send an updated message to Wayne including the text. The IESG believes that SPF and Sender-ID are both going forward in the market place, and that having open specifications of them is of benefit to the community. As the IESG note states, we believe there are serious open issues. We are not recommending publication in order to recommend them, but for the information of the community and with the hope that those specifications in hand will enable a clearer analysis of the behavior. regards, Ted Hardie At 1:18 AM +0200 6/14/05, Frank Ellermann wrote:
Hi, found in <http://mid.gmane.org/p0621020bbed3921e8366@%5B129.46.227.161%5D> The IESG intends to forward the SPF draft, along with the Sender-ID drafts to the RFC Editor as Experimental RFCs. The SPF draft says: | Without explicit approval of the domain owner, checking other | identities against SPF version 1 records is NOT RECOMMENDED | because there are cases that are known to give incorrect | results. In other words this doesn't work without explicit consent. The outcome in one application (known a post-SMTP check, again NOT RECOMMENDED) will be bogus FAIL or PASS results, leading either to the deletion of legit mail, or to unwarranted trusted in phishing attempts. One of the "Sender-ID experiments" states: | Sender ID implementations SHOULD interpret the version prefix "v=spf1" | as equivalent to "spf2.0/mfrom,pra", provided no record starting with | "spf2.0" exists. This is known to cause havoc. There are literally hundreds of articles pointing this out again and again since 2005-08. The activities of Mr. Hardie in this case should be scrutinized by an indepedent body, Regards, F.Ellermann _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf