On Thursday, September 02, 2004 at 7:38 PM, William Leibzon wrote:
Microsoft may have misled others that SenderID and PRA algorithm can
be
used by MUAs to verify email (because of their dominance in MUA market
on
Windows PCs, they need something for MUAs). That is not true.
In spite of William's repeated assertions that it can't be done, we have
built prototypes internally that do exactly that. They work.
Briefly, the algorithm is:
1. Grovel through the Received: headers to find the header
describing the hop where the message entered the current
organization.
2. Extract the PRA from the [Resent-] Sender and From headers
as usual.
3. Apply the SenderID algorithm. [Actually, our prototypes
used the earlier CallerID algorithm, but the point remains.]
William also implies that Microsoft would intentionally mislead people
to believe that SenderID can be used in MUAs when it cannot. In the
first place, I resent the insinuation. In the second place, were such
misleading to occur, it would hurt Microsoft more than anyone else,
precisely because we provide more of the world's MUAs than anyone else.
-- Jim Lyon