Re: [EAI] Re: SPF and DKIM

To: Harald Alvestrand <harald at alvestrand.no>, abel <abelyang at twnic.net.tw>
Subject: Re: [EAI] Re: SPF and DKIM
From: John C Klensin <klensin at jck.com>
Date: Fri, 09 Mar 2007 11:36:26 -0500
Cc: ima at ietf.org, Kari Hurtta <hurtta+gmane at siilo.fmi.fi>
In-reply-to: <45F11064.5070305@alvestrand.no>
List-archive: <http://www1.ietf.org/pipermail/ima>
List-help: <mailto:ima-request@ietf.org?subject=help>
List-id: "EAI $Email Address Internationalization$" <ima.ietf.org>
List-post: <mailto:ima@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=unsubscribe>
References: <E1HMsDy-0002br-3R@stiedprstage1.ietf.org> <03f301c7614d$e918a130$c7d348d3@aabbeell> <5dirdcchpo.fsf@Hurtta06k.keh.iki.fi> <049401c7615b$835ae980$c7d348d3@aabbeell> <45F11064.5070305@alvestrand.no>

--On Friday, 09 March, 2007 08:44 +0100 Harald Alvestrand
<harald at alvestrand.no> wrote:

>> Yes, but users/clients dont know whether their provider has
>> SPF record in their ALT-ADDRESS,
>> If there are SPF in thoes domain include '-all' , that maybe
>> cause their mail to be rejected.
>> Mail adminstrator is hard to explains those issue to their
>> clients.
>>   
> I think the brutal answer is "don't do that".
> If you use an email address in an ALT-ADDRESS, that needs to
> be an email address controlled and managed by someone who's
> actively supporting UTF8SMTP - including mangling the SPF
> records (if any) to allow the gateways to send the messages as
> needed.

I may be wrong, but I think that, in the overwhelming number of
cases in which downgrade is actually plausible, Abel's analysis
is going to turn out to be equivalent to "for a
backward-pointing address, either 

(1) Use SPF without ALT-ADDRESS, thereby guaranteeing message
rejection if a downgrade situation arises.

(2) Use ALT-ADDRESS without SPF, thereby losing whatever
benefits SPF is expected to convey but without the risk of an
apparently-clear SPF rejection.

(3) Use them together and just hope that, if downgrading occurs,
it occurs with a domain context that is sufficiently permissive.

And, again, if someone wants to put that, or other comments,
into a separate document that is not on the WG's plate (or
discussed on its mailing list), at least in the near term, I
think that would be great.  In particular it is a set of issues
that such a document might usefully bring to the attention of
the SPF community.

     john

_______________________________________________
IMA mailing list
IMA at ietf.org
https://www1.ietf.org/mailman/listinfo/ima

References:
- [EAI] I-D ACTION:draft-ietf-eai-utf8headers-03.txt
  - From: Internet-Drafts
- [EAI] SPF and DKIM
  - From: abel
- [EAI] Re: SPF and DKIM
  - From: Kari Hurtta
- Re: [EAI] Re: SPF and DKIM
  - From: abel
- Re: [EAI] Re: SPF and DKIM
  - From: Harald Alvestrand

Prev by Date: [EAI] Re: DRAFT agenda, EAI WG
Next by Date: Re: [EAI] Re: From Jari: Re: Your DISCUSS on draft-ietf-eai-framework-05 (fwd)
Previous by thread: Re: [EAI] Re: SPF and DKIM
Next by thread: Re: [EAI] SPF and DKIM
Index(es):
- Date
- Thread

Re: [EAI] Re: SPF and DKIM

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.