I'm reluctant to join the fray as I find myself feeling caught in the
middle. Long time lurker, first time poster.
[...snip...]
Michael,
Thanks for a thoughtful and objective response.
The ESPC is fully committed to email authentication and has been supportive
of SPF1 and Sender ID since the beginning. We've had a significant role in
helping to get to this point (including hosting a meeting at Harvard Law
School in January where the idea of merging Caller ID with SPF was discussed
with Meng and Microsoft).
One thing that is worth noting about your analysis is that the majority of
ESPs do not send their customer emails from their corporate domains. Many
employ dedicated IP addresses and vanity domains for each client. While
there is no reason not to implement authentication on their corporate
domains, it is not unthinkable that their first implementation would focus
on the client domains and not the ESP corporate domain (we encourage all
members to publish SPF1 and Sender ID for all domains).
We recently issue a press release
(http://www.espcoalition.org/083104senderid.php) stating that all new ESPC
members are required to implement SPF1 and that all existing members are in
compliance or in the process of implementing. I expect that we will require
Sender ID compliance in the near future.
I don't think there is any lack of consensus among the ESPC members. Less
than a month ago almost 100 of our members visited Microsoft for a day long
summit on Sender ID and expressed our support.
Many of our members have posted their own thoughts to this list and I expect
you will see more postings over the next few days as last call approaches.
Trevor