----- Original Message -----
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
To: "'Tony Finch'" <dot(_at_)dotat(_dot_)at>; <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Wednesday, May 05, 2004 10:04 AM
Subject: RE: CSV (Crocker's draft) good! (evaluation, big suggestion)
One would expect that in this case you would have MARID authentication
on all *.cam.ac.uk mail servers and that you would then configure the
MARID authentication schemes to consider all mail forwarded from a
*.cam.ac.uk mail server to have been pre-authenticated.
The forwarding relationships that cause problems for CallerID and MARID
schemes are those that occur before the incomming edge server. In the
example you give I would regard ucs.cam.ac.uk to be the edge server and
*.cam.ac.uk to be in this respect non-edge servers that trust ucs to
do its job properly.
Right, we just ran into a customer situation today where they have a
network of MX, all but one is secured with our anti-spam software. The one
of out of their control (so they say) is just a relay machine. Trusted
within the internet domain and network, but they don't have the power to add
our anti-spam stuff to it to make them all the same.
I had to explain to them that this is like installing a $10K home security
system and still leaving the key under the door map.
I guess the issue here is that we will have a lot of people using
alternative or secondary service bureaus (anti-spam shops for example) that
may not support or take much longer to support marid or have something else
in place, but not MARID.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com