On Wed, 6 Oct 2004, Carl Hutzler wrote:
I agree.
But I also believe that 80% of the mail AOL receives is
A) One Hop today
B) Would pass SPF and SenderID type path checks
So why not deploy something quickly that can satisfy 80% of the requirement?
I agree and have seen similar estimates to everything you say Carl, but
its important to note that without infrastructure upgrades then you can't
reliably reject mail that *fails* an SPF or SID check without causing a
false positive rate of nearly 20%
So SPF and SID are useful to allow whitelisting of the 80% or so of
messages that *pass* checks (and are on the associated whitelist), but
will probably not be useful for anti-forgery checks.
Again, I totally agree with you. Just wanted to point out the 80-20
corollary.
-Rand