Meng Weng Wong>
If the MARID information is going to be used for 2822 authentication ---
and I believe that it should not, because that conflates the concepts of
sender and author ---
I don't follow this argument. Are you saying that this conflates sender and
author "identities" somehow? Surely the identity we're now talking about is
the *domain* which can be claimed in what you call sender and author.
Sender and author can have a common property without being considered the
same thing.
then we should at least provide a well-defined
algorithm for all receivers to apply.
I believe this is exactly what's been proposed.
If the algorithm we come up with
is subject to gaming by spammers, we should admit that LMAP and 2822
just don't go together.
I might buy that (if true). So where do you show that it is?
I believe that 2822 authentication and LMAP don't go together. I
illlustrate the argument here:
http://spf.pobox.com/slides/crossingbeams/0100.html
(click on the rhs of the page to go forward)
You don't show such a vulnerability there, or maybe I'm not clicking right.
But given that the algorithm is yet to be defined, I don't see how we can
find fault with it at this time.