IESG intends to publish conflicting RfCs causing loss of legit e-mails
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IESG intends to publish conflicting RfCs causing loss of legit e-mails
Hi, found in
<http://mid.gmane.org/p0621020bbed3921e8366 at %5B129.46.227.161%5D>
The IESG intends to forward the SPF draft, along with the
Sender-ID drafts to the RFC Editor as Experimental RFCs.
The SPF draft says:
| Without explicit approval of the domain owner, checking other
| identities against SPF version 1 records is NOT RECOMMENDED
| because there are cases that are known to give incorrect
| results.
In other words this doesn't work without explicit consent. The
outcome in one application (known a post-SMTP check, again NOT
RECOMMENDED) will be bogus FAIL or PASS results, leading either
to the deletion of legit mail, or to unwarranted trusted in
phishing attempts. One of the "Sender-ID experiments" states:
| Sender ID implementations SHOULD interpret the version prefix "v=spf1"
| as equivalent to "spf2.0/mfrom,pra", provided no record starting with
| "spf2.0" exists.
This is known to cause havoc. There are literally hundreds of
articles pointing this out again and again since 2005-08. The
activities of Mr. Hardie in this case should be scrutinized by
an indepedent body,
Regards, F.Ellermann
_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
