On Sat, 2005-08-27 at 12:00 -0700, william(at)elan.net wrote: > But if reuse of spf1 records is really realy the only way for MS > and it wants to continue, then the only possibility for negotiation > I see is to get it part the way for both sides. This would involve: > 1. MS agrees to change its draft and only use positive results of > SID verification on v=spf1 records (but not fail, softfail or > results if record is absent) and that for negative results real > SPF2.0 record would be needed. This overlooks a problem related to abuse-feedback techniques accruing to "Sender-ID verified" identities. An erroneous positive verification based upon a PRA, unchecked by the sender perhaps due to licensing issues, could be a serious concern. These SPF records are public and outbound servers are often shared. Neither of the path registration schemes provide domain protection at shared servers. Even with MTA checks to mitigate domain spoofing at shared servers, these checks may also be limited by the same licensing issues. This retains a need to understand the assurances made by the sender with respect to the scope of the record, and is unrelated to how a failure is handled. Assume the miscreants will know what passes. -Doug _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf
