In
<C6DDA43B91BFDA49AA2F1E473732113E010BED7E(_at_)mou1wnexm05(_dot_)vcorp(_dot_)ad(_dot_)vrsn(_dot_)com>
"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:
I have been thinking further on the problem of introducing email
authentication. I am starting to think that apart from being complimentary
it is likely to prove essential to deploy both mechanisms.
Many people in the SPF community have long said that crypto schemes
are much more promising for dealing with authentication of the email
headers and body. So far, I don't see a clear choice between stuff
like DK, S/MIME, IIM, and SES, they all have problems. But then, if
there was an obvious solution, it would have been found years ago.
Sender-ID:
Can only provide a definitve 'success', 'not success' can be due to
either forgery or a non compliant forwarding server.
Sender-ID also has problems with many mailing lists.
Note:
The failure modes of Sender-ID and Signatures are almost entirely
orthogonal, although forwarding is a possible cause of a signature being
corrupted.
Not true. Both Sender-ID and many of the crypto schemes have problems
with mailing lists. SPF and crypto schemes are much more orthoginal.
-wayne