Guillaume,
Here is the problem and its classic.
We don't know whether it is possible for people to write a
sender policy which will work for everything.
Even if it is possible, with all the chances for mistakes
in setting it up and as we have never done anything like
this on the Internet before on this scale, is it better to
go with something simple?
And what about less developed countries who are simply
struggling to get online. Are we going to simply say tough?
So, does this mean we back away from making it a must on
the sender side and rather have it as a recommendation?
Prudent senders will take the time and effort to properly
configure their systems so that recipient's can run any
check they want.
Or will they? Unless it is mandatory, why do it?
On the receiving side, we have protocols which allow for
checks based on different aspects of the message header.
Which checks will be used will depend on a provider's
particular needs.
A big ISP like AOL may need to use SPF, Sender-ID,
Submitter, CSV and DomainKeys given how everyone uses their
system.
A small home based web hosting service or ISP may only need
to use SPF or CSV.
Why do it? Because, it is the most cost efficient way of
dealing with the problem of spoofing and phishing, or
because a large enough group of service providers say if
you want to send email to us, you must? Be a prudent sender.
:-)
John
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.734 / Virus Database: 488 - Release Date: 04/08/2004