Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
I agree. It's only hop-by-hop accountability.
With Sender-ID, EHLO and MAIL FROM are ignored. Sender-ID has no
concept of the hop,
It's applied by MTA's, which do have the concept of a hop.
With Sender-ID, the entity accountable for traffic emerging from a hop
is _not_ identified.
The PRA of the traffic is identified, who may not be the same as the
MTA client originating the traffic for the current SMTP session.
CSV, however, clearly identifies this entity and thus provides an
identity that may safely be held accountable.
It uses different fields to hold a different entity accountable for
different behavior.
CSV is very different from Sender-ID in that regard. It seems we agree
on major points, so I am confused how you can hold this view.
The paradigm change to hold entities responsible for SMTP traffic is
the same in both proposals. The fields they use, and the
implementation, differ.
Previously, recipient MTA's had to determine the responsible
entitity by making reasonable implications, which may or not not have
been correct. The proposals here in MARID allow entities to
explicitly state who is to be help accountable.
Sender-ID however does not offer an effective protection in this
area, while it breaks much of the current mail, hammers DNS, and
ignores UDP back-off requirements.
I'm not sure I agree with all that, but I do agree that other
systems within the MARID scope may acheive the MARID goals with less
effort.
Alan DeKok.