hill to climb around the administration of adding another
record (its type doesn't matter). Their issue is that
forward DNS is under the control of another entity and
just getting the MX to point to the right place is
headache."
Is this one of the primary reasons MARID failed? The DNS
management issues of Sender ID and SPF are much more taxing
(orders of magnitude more frequent updates, little
possbilities of using the same record for different hosted
domains etc) than the specs that have been proposed here.
The common, public mantra is that approaches like domainkeys are
more 'complex' than approaches like spf and sender-id.
I believe this is wrong, for exactly the reason you state. Path
registration schemes have simpler software algorithms, but far
more difficult on-going administration requirements. So it is a
trade-off between one-time codewriting versus on-going
administration effort.
d/
--
Dave Crocker <mailto:dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <http://brandenburg.com>