Mailing List Archive

SPFv1 = RFC 4408, and other news from the SPF Project
HTML: http://new.openspf.org/News/SPFv1_is_RFC_4408

======================================================================
NEWS FROM THE SENDER POLICY FRAMEWORK (SPF) PROJECT
======================================================================

A lot has happened since the SPF project's last real news announcement
in May 2005[1]:

----------------------------------------------------------------------
The SPF project's website has moved: http://www.openspf.org
----------------------------------------------------------------------

To begin with, the project's website at http://spf.pobox.com has
moved to a new host and domain at http://www.openspf.org -- thanks to
project founder Meng Weng Wong and pobox.com for having hosted the
website for the last three years! Everyone please update your links!

----------------------------------------------------------------------
SPFv1 = RFC 4408 = http://www.rfc-editor.org/rfc/rfc4408.txt
----------------------------------------------------------------------

Nineteen months after the IESG, the steering group of the Internet
Engineering Task Force (IETF), shut down the MARID (MTA Authorization
Records in DNS) working group and asked for individual submissions
from the SPF project and Microsoft in September 2004[2], and nearly
three years after the SPF project was initially founded by Meng Weng
Wong, the SPFv1 specification has now been published as RFC 4408[3]!

This specification has been refined from earlier editions, but great
care has been taken to remain compatible with the first stable SPFv1
specification published in December 2003[4]. Many lessons learned,
security considerations, and other bits of useful information have
been added to the document, so reviewing it should prove worthwhile if
you haven't done so within the last year and a half.

The IESG has assigned the RFC "Experimental" status, meaning that they
consider it part of an ongoing research effort within the field of
e-mail sender authentication and that they wish additional data to be
collected on the performance of SPF. Therefore we invite you to try
out SPF, recommend it to your peers, and feed your experiences back to
us[5]. We will be collecting your reports and statistics on the
upcoming new SPF website for evaluation and later presentation to the
IESG.

----------------------------------------------------------------------
The controversy about SPF and Sender ID
----------------------------------------------------------------------

In June 2005, the IESG had announced[6] its acceptance of the final
SPFv1 specification draft (draft-schlitt-spf-classic)[7] and Micro-
soft's SPF derivative called Sender ID (draft-lyon-senderid-core) for
the publication as RFCs.

Sender ID however re-uses SPF's "v=spf1" records in an incompatible
way, so in August 2005 the SPF project appealed[8] the IESG's decision
to publish Sender ID with that incompatibility included. In December
2005, the IESG rejected the appeal, explaining that, although they did
recognize the incompatible re-use as being a problem, they did not
want to change the Sender ID specification but still wanted to publish
the conflicting protocols so they'd both be documented.[9] An
escalated appeal[10] to the Internet Architecture Board (IAB) was
likewise rejected in March 2006 as the IAB considered it to be within
the IESG's rights to make that decision.[11]

For our detailed take on the ambiguous situation that now exists due
to the equal publication of Sender ID as RFC 4406, please see our
website.[12]

----------------------------------------------------------------------
The project agenda for 2006
----------------------------------------------------------------------

The SPF project has set the following goals for 2006[13]:

* Get SPFv1 published as an RFC! --DONE!--
* Complete the new website[14] to replace the current one!
* Review the available SPF library implementations[15] and bless at
least one of them as a reference implementation.
* Review SPF support in MTAs and get SPF into more MTA distros.
* Review SPF support in OSes and get SPF into more OS distros.
* Start a grassroots "Spread SPF!" campaign to get in touch with
domain owners and ESPs/ISPs.

If you'd like to contribute to these tasks (or to something else),
please join the spf-discuss mailing list[16] and lend a hand. All
contributions are greatly appreciated!

----------------------------------------------------------------------
Thanks to the 2005 SPF Council!
----------------------------------------------------------------------

In January 2006, the SPF project elected a new council (see below for
more information). Thanks to the outgoing 2005 council members[17],
Meng Weng Wong, Wayne Schlitt, Chuck Mead, and Greg Connor, for their
hard work and dedication -- and especially Meng for founding the
project in 2003 and advocating sender authentication to ISPs/ESPs, and
Wayne for his great work on the post-MARID SPFv1 specification! All
previous council members are invited to continue in an advisory
capacity.

The 2006 council would also like to thank Greg Connor for his work as
the election officer for the 2006 council elections[18].

----------------------------------------------------------------------
The elected 2006 Council
----------------------------------------------------------------------

The 2006 SPF Council has started its term on January 30, 2006.[18]
The elected council members are (in last name alphabetical order):

Stuart Gathman (Fairfax, VA, USA)
Mark Kramer (Leiden, Netherlands)
William Leibzon (Palo Alto, CA, USA)
Julian Mehnle (Munich, Germany)
Mark Shewmaker (Atlanta, GA, USA)

The council elected Julian as its chairman and William as its
secretary.

For questions of any kind, please post to the spf-discuss mailing
list[16] or contact us directly[5].

----------------------------------------------------------------------
References
----------------------------------------------------------------------

1. http://archives.listbox.com/spf-announce/200505/0001.html
2. http://www.imc.org/ietf-mxcomp/mail-archive/msg05061.html
3. http://new.openspf.org/Specifications
4. http://new.openspf.org/svn/project/specs/drafts/draft-mengwong-spf.02.9.4.txt
5. http://new.openspf.org/Contact
6. http://www1.ietf.org/mail-archive/web/ietf-announce/current/msg01357.html
7. http://new.openspf.org/svn/project/specs/drafts/draft-schlitt-spf-classic-02.txt
8. http://www.ietf.org/IESG/APPEALS/appeal-draft-lyon-senderid-core.txt
9. http://www.ietf.org/IESG/APPEALS/appeal-response-julian-mehnle.txt
10. http://www.iab.org/appeals/2006-02-08-mehnle-appeal.html
11. http://www.iab.org/appeals/2006-03-02-mehnle-response.html
12. http://new.openspf.org/SPF_vs_Sender_ID
13. http://new.openspf.org/Project_Agenda
14. http://new.openspf.org
15. http://new.openspf.org/Implementations
16. http://new.openspf.org/Forums
17. http://new.openspf.org/Council_Election/2004-11
18. http://new.openspf.org/Council_Election/2006-01

----------
To unsubscribe from this list, or change the email address where you receive messages,
please go to http://v2.listbox.com/member/?listname=spf-announce@v2.listbox.com