On Thu, 2 Sep 2004, Kevin Peuhkurinen wrote:
This is the most troubling issue that I forsee, I agree. However, I have
to wonder why everyone who is pro-Sender-ID doesn't feel it necessary to
try to pressure Microsoft into adopting SPF instead. To my mind, there
are ZERO hinderences to Microsoft adopting SPF, but there are plenty of
hinderences for most everyone else to adopt the encumbered Sender-ID.
^Microsoft^the Internet at large
SPF and Sender ID solve different problems. Sender ID authenticates the
message, SPF authenticates the channel. While channel authentication is
useful for some purposes, message-based authentication of something the
end-user can see is much more desirable to many senders and recipients to
control spoofing of user-visible headers.
In that regards, the Sender ID technology presents the best IP-based
message authentication I have seen, and can provide an immediate benefit
to a large majority of message paths. In the long run, a crypto-based
solution for message authentication is of course the best solution, and we
are all working on those as well.
When we start discussing channel authentication then we should compare SPF
and CSV, but SPF doesn't solve the immediate problems of header spoofing
that I want to address right now.
-Rand