"Graham Murray" <graham(_at_)webwayone(_dot_)co(_dot_)uk>commented:
"Chris Haynes" <chris(_at_)harvington(_dot_)org(_dot_)uk> writes:
If so (and these misunderstandings were corrected), is there an engineering
opportunity to work towards a sympathetic fusion of Sender-ID and SPF *at
this
time*?
Do not forget that Sender-ID is supposed to already be a fusion of SPF
and the original MicroSoft Caller-ID.
Hello Graham,
What do you mean by "supposed"?
"required"?
"alleged"?
"presumed"?
As far as I can tell, Sender-ID has adopted some of SPF's better implementation
ideas, including:
- The record and macro formats
- The opportunity for early rejection (with the SUBMITTER option)
but, functionally, it still tests a different entity (the PRA vs. the Mail-From:
address) and thus has the 'unauthorised bounce' weakness that many people are
concerned about.
There may be other significant differences - I've not done that detailed an
analysis.
Then there is the licensing issue: I don't think any Open Source advocate would
describe the current Sender-ID as a "sympathetic fusion" of the two approaches
to licencing.
Note also Meng's post of
http://www.imc.org/ietf-mxcomp/mail-archive/msg03093.html
which seems to indicate that Meng believed (on 6 Aug) that there was still a
substantive difference between Sender-ID and his conception of "Unified spf".
Chris Haynes