ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: What Meng said

2004-08-17 09:24:19
from [Sauer, Damon] [Permanent Link] 
I agree with Andrew.
I think it will also be most useful during the transition.
 

Regards, 
Damon Sauer 

[Postmaster]  -----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Andrew W. 
Donoho
Sent: Tuesday, August 17, 2004 12:12 PM
To: Meng Weng Wong
Cc: IETF MARID WG
Subject: Re: What Meng said





On Aug 17, 2004, at 09:25, Meng Weng Wong wrote: 

Sender ID as currently specified doesn't do that. 

If people want the MAIL FROM to play a role in Sender ID, 
they should say so. If they do not say so, the working 
assumption is that nobody cares. 

I personally think that if the PRA lookup returns "none" or 
"unknown", MAIL FROM should be checked, and if that test 
returns "fail" then the message should be rejected. 


Meng, 

This statement does not make any sense to me. SPF is a 2821 time check.
While the Sender-ID spec tries to eliminate it, Sender-ID is really a
2822 time check and it performs a different function than SPF. There is
no reason that Sender-ID precludes an SPF check. In fact, if you think
of the anti-spam problem as a security problem, then you want defense in
depth. You want any mail to pass multiple checks. Therefore, I think
many operators will check SPF before the DATA phase and Sender-ID, along
with other anti-spam filters, after receipt. That is the beauty of SPF -
it is simple and, hence, performs one thing well. While you made a deal
to combine the two specs, that is not necessary and I think that the SPF
community is uninterested in dropping a working simple protocol. They
can coexist. 

Andrew 

____________________________________ 
Andrew W. Donoho 
awd(_at_)DDG(_dot_)com, PGP Key ID: 0x81D0F250 
+1 (512) 453-6652 (o), +1 (512) 750-7596 (m) 




*****
The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential, proprietary, and/or privileged 
material.  Any review, retransmission, dissemination or other use of, or taking 
of any action in reliance upon, this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, 
please contact the sender and delete the material from all computers. 113
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: What Meng said, Andrew W. Donoho
Next by Date:  Re: What Meng said, Dave Crocker
Previous by Thread:  RE: What Meng said, Harry Katz
Next by Thread:  RE: missing submitter, was What Meng said, Jim Lyon
Indexes:  [Date] [Thread] [Top] [All Lists]