ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: What Meng said

2004-08-17 09:12:04
from [Andrew W. Donoho] [Permanent Link]

On Aug 17, 2004, at 09:25, Meng Weng Wong wrote:
Sender ID as currently specified doesn't do that.

If people want the MAIL FROM to play a role in Sender ID,
they should say so. If they do not say so, the working
assumption is that nobody cares.

I personally think that if the PRA lookup returns "none" or
"unknown", MAIL FROM should be checked, and if that test
returns "fail" then the message should be rejected.

Meng,

This statement does not make any sense to me. SPF is a 2821 time check. While the Sender-ID spec tries to eliminate it, Sender-ID is really a 2822 time check and it performs a different function than SPF. There is no reason that Sender-ID precludes an SPF check. In fact, if you think of the anti-spam problem as a security problem, then you want defense in depth. You want any mail to pass multiple checks. Therefore, I think many operators will check SPF before the DATA phase and Sender-ID, along with other anti-spam filters, after receipt. That is the beauty of SPF - it is simple and, hence, performs one thing well. While you made a deal to combine the two specs, that is not necessary and I think that the SPF community is uninterested in dropping a working simple protocol. They can coexist.

Andrew

____________________________________
Andrew W. Donoho
awd(_at_)DDG(_dot_)com, PGP Key ID: 0x81D0F250
+1 (512) 453-6652 (o), +1 (512) 750-7596 (m)


[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: What Meng said, Margaret Olson
Next by Date:  RE: What Meng said, Sauer, Damon
Previous by Thread:  Checking MAIL FROM (was: What Meng said), Roy Badami
Next by Thread:  RE: What Meng said, John Glube
Indexes:  [Date] [Thread] [Top] [All Lists]