(note: this is my first post to dmarc@ietf.org but I participated in the original creation of DMARC and I look forward to participating in this WG)
On Oct 10, 2014, at 11:07 AM, ned+dm...@mrochek.com wrote: > > >>> -----Original Message----- >>> From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of John Levine >>> Sent: Friday, October 10, 2014 12:12 AM >>> To: dmarc@ietf.org >>> Cc: r.e.sonnev...@sonnection.nl >>> Subject: Re: [dmarc-ietf] wiki vs. list? >>> >>>> A more general comment: reading the wiki and the discussions on this >>>> list, it get the impression that we seem to focus more on the issues >>>> related to the 'DKIM part of DMARC' then on issues related to the 'SPF >>>> part of DMARC'. Is my observation correct, do we tend to forget SPF here? >>> >>> I agree with Scott, there's not much to say about it. If you forward or >>> remail a >>> message, the origin IP changes, and there's nothing you can do about it. >>> >>> Perhaps we can note that in theory the original sender could add mailing >>> list >>> IPs to its own SPF, but I never heard of anyone doing that. >>> > >> An issue that I have been thinking on - and it is the reverse of this >> discussion - is that it is operationally difficult to maintain accurate SPF >> records for organizations with a lot of domains where the SPF records vary >> across the domains. I recently found this situation with one of our domains >> (an >> acquisition). This is similar to other situations where organizations are >> fairly good with adds and changes but not so much with deletes. This isn't >> anything that can be addressed through an RFC but I think it is worth noting. > > <chair hat off> I was surprised to see you take your chair hat off when responding to a discussion of scope. Being still fairly green when it comes to IETF process I’m not sure about this, but I would have presumed one role of the chair is to help ensure the WG stays within its approved scope. I’m asking about this because I believe managing scope is critically important to the success of this WG and I’d like to know who plays what role in helping us stay on track. Thank you. > > This looks to me to be an operational issue with deploying SPF at scale. This > WG"s charter is pretty specific that we're focusing on issues caused by "mail > that does not flow from operators having a relationship with the domain owner, > directly to receivers operating the destination mailbox". I don't see how this > fits within that scope. > > So, while I'm sympathetic to the difficulties using SPF in this way, > I don't think it's in scope for the present effort. > > Ned The charter also states the WG "will also provide technical implementation guidance and review possible enhancements elsewhere in the mail handling sequence that could improve DMARC compatibility.” While I’m personally not too concerned about deploying SPF at scale, I am concerned about this particular aspect of the charter and preserving it. If we forget this aspect of our charter then we are left with nothing in our toolbox but to change DMARC itself to accommodate MLM’s and other "mail that does not flow from operators having a relationship with the domain owner, directly to receivers operating the destination mailbox” with no ability to at least “guide” other processors toward practices that would help them improve their compatibility with DMARC. -Brett _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
