Edward,

DAU>> I don't think SPF is worthless [1] but it isn't a drop-in
DAU>> solution and the impact on infrastructure will be
DAU>> significant if it becomes widely adopted.

EBD> When an architecture is "maxed out", it's difficult to make
EBD> significant improvements that are drop-in.

On the theory that you mean the email architecture, rather than the DNS architecture:

<diatribe against replacing current email>

I think there has yet to be a careful, coherent analysis of the current architecture that describes the clear and accepted requirements and shows that they cannot be supported by the current architecture.

The more serious problem, with respect to spam control, is the lack of broad consensus on those requirements, properly balanced against their impact on the human/social aspects of email, and stated in a way that gives useful technical guidance.

So, instead, the technology side of things is forced to thrash around, searching for palliatives that might have only near-term benefit.

</diatribe against replacing current email>

On the theory that you mean the DNS architecture, then... huh?

DAU>> I think people will realize that if we're remodeling the
DAU>> boat that much we should have at least made sure we were
DAU>> fixing something in the process...

In general, the claim that we need to rebuild email is proving easier to make than it is to describe what we need... and get clear community consensus that it is correct.

EBD> Hogging the TXT RR is a bit greedy.

As noted, TXT is an expedient. None of the available choices for a DNS record is all that pleasant. TXT seems to have the best near-term utility. Everyone hopes to bypass it as soon as is practical.

EBD> Running something DNS-based that requires simple parsing is
EBD> hardly an earth-shattering change; it smells similar to DNSBLs,
EBD> yes? Yet it's still somewhat controversial.

Folks might want to take a look at the set of CSV specifications, notably the DNA (accreditation) portion. (<http://brandenburg.com/CSV> for a single entry-point to the set of internet-drafts.)

EBD> I'd like to see widespread adoption of authenticated SMTP, with
EBD> per-user restrictions on sender address. Alas, that's more
EBD> difficult than, say, SAV. Call me cynical, but I don't see
EBD> anything like SMTP auth+restrict taking the world by storm in the
EBD> near future.

Some of us agree with you. The enormous volumes of legitimate mail suggest per-user and per-message "policy" mechanisms are likely to have a few scaling problems.

EBD> No, SPF isn't perfect. I'm trying to decide if it's even "good".

Would that more folks were trying to consider the various proposals carefully.

d/
--
Dave Crocker <mailto:dcrocker@brandenburg.com>
Brandenburg InternetWorking <http://www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>