ietf-mxcomp
[Top] [All Lists]

Re: What Meng said

2004-08-17 09:12:04

On Aug 17, 2004, at 09:25, Meng Weng Wong wrote:
Sender ID as currently specified doesn't do that.

If people want the MAIL FROM to play a role in Sender ID,
they should say so. If they do not say so, the working
assumption is that nobody cares.

I personally think that if the PRA lookup returns "none" or
"unknown", MAIL FROM should be checked, and if that test
returns "fail" then the message should be rejected.

Meng,

This statement does not make any sense to me. SPF is a 2821 time check. While the Sender-ID spec tries to eliminate it, Sender-ID is really a 2822 time check and it performs a different function than SPF. There is no reason that Sender-ID precludes an SPF check. In fact, if you think of the anti-spam problem as a security problem, then you want defense in depth. You want any mail to pass multiple checks. Therefore, I think many operators will check SPF before the DATA phase and Sender-ID, along with other anti-spam filters, after receipt. That is the beauty of SPF - it is simple and, hence, performs one thing well. While you made a deal to combine the two specs, that is not necessary and I think that the SPF community is uninterested in dropping a working simple protocol. They can coexist.

Andrew

____________________________________
Andrew W. Donoho
awd(_at_)DDG(_dot_)com, PGP Key ID: 0x81D0F250
+1 (512) 453-6652 (o), +1 (512) 750-7596 (m)


<Prev in Thread] Current Thread [Next in Thread>