ietf-mxcomp

RE: (DEPLOY) In Support of Sender ID

2004-09-02 14:27:40

Kevin Peuhkurinen wrote:
To my mind, there are ZERO hindrances to Microsoft
adopting SPF, but there are plenty of hindrances
for most everyone else to adopt the encumbered
Sender-ID.

Ryan Malayter:
SPFv1 does not address email header forging at all. So SPFv1 does very
little to prevent forging of the "from" addresses seen by the user in
99% of MUAs. SPFv1 therefore does very little to prevent phishing scams.
This is why Microsoft came up with CallerID for email, and why Meng and
MS decided to merge the best parts of SPF and Caller ID into SenderID
approaches.

SPF protects envelope forging correctly. SenderID doesn't.

While SPF doesn't prevent forging of 2822 addresses seen by 99% of MUAs, the
same could be said of SenderID. I don't know of any MUAs which display the
PRA as described by SenderID.

So, either way, it means upgrading all the MUAs. IMHO, if we are going to
upgrade the MUAs to prevent phishing, we should look towards a stronger
crypto/signing solution, not the flimsy solution provided by SenderID.

Michael R. Brumm