On Thu, 2 Sep 2004 mazieres(_at_)gmail(_dot_)com wrote:
What I'd really like to hear about is an actual usage scenario in
which a message author (say a bank sending out statements) actually
requires Sender ID, and could not get the same effect with
SPF-classic.
I've talked to numerous large banks and consumer-oriented companies -- big
ones, the kind that run ads on TV -- and they've done the analysis on
their customer email address lists that a large majority (more than 50%)
go only one hop to large ISPs that don't allow forwarding, and to large
enterprises that discourage such. So, for these sites, a majority of
their customers will be very well served by accurately authenticating the
From: address which is shown in their MUA *today*. This is something that
SPF-classic can not provide today.
Another use case has to do with changes forwarders have to make so that
they don't create false positives. The 2822 header additions required by
Sender ID are much less invasive than the 2821 MAIL FROM rewriting (SRS)
that SPF Classic requires, and the Sender ID changes do not change the
well understood and sometimes depended on MAIL FROM bounce address.
What still needs to be done is assess what types of paths either of these
solutions might break (I like that CSV doesn't have the potential to do
that).
-Rand