On 10/2/04 11:04 AM, "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net> wrote:
The common, public mantra is that approaches like domainkeys are
more 'complex' than approaches like spf and sender-id.
I believe this is wrong, for exactly the reason you state. Path
registration schemes have simpler software algorithms, but far
more difficult on-going administration requirements. So it is a
trade-off between one-time codewriting versus on-going
administration effort.
I agree.
But I also believe that 80% of the mail AOL receives is
A) One Hop today
B) Would pass SPF and SenderID type path checks
So why not deploy something quickly that can satisfy 80% of the requirement?
If we could get everyone to change their outbound MTAs to sign with DK or
another means quickly, I would say we should skip Path based approaches all
together.
But I am an engineer (electrical) and I will always look at partial success
as a step in the right direction.
I do strongly question whether SPF or SenderID (using PRA or SRS) can
achieve a 100% solution. I personally do not think so. This is why we need a
NON-PATH based solution.
But don't throw the baby out just because the drain has a slow leak....hmmm,
better find a better analogy ;-)
-Carl
--
Carl Hutzler
Director, AntiSpam Operations
America Online Mail Operations
cdhutzler(_at_)aol(_dot_)com
703.265.5521 work
703.915.6862 cell