ietf-mxcomp

Re: PRA Patent: License for Display in MUAs?

2004-09-03 09:55:50

On Fri, 3 Sep 2004 08:54:54 -0700, Jim Lyon
<jimlyon(_at_)exchange(_dot_)microsoft(_dot_)com> wrote:

On Thursday, September 02, 2004 at 7:38 PM, William Leibzon wrote:

Microsoft may have misled others that SenderID and PRA algorithm can be
used by MUAs to verify email (because of their dominance in MUA market on
Windows PCs, they need something for MUAs). That is not true.

In spite of William's repeated assertions that it can't be done, we have
built prototypes internally that do exactly that.  They work.

Briefly, the algorithm is:
  1. Grovel through the Received: headers to find the header
     describing the hop where the message entered the current
     organization.
  2. Extract the PRA from the [Resent-] Sender and From headers
     as usual.
  3. Apply the SenderID algorithm.  [Actually, our prototypes
     used the earlier CallerID algorithm, but the point remains.]

Note that in fact this algorithm does not properly implement Sender ID
in the MUA.  The problem is that people might not read email until
days or even a week after you send it.  For dynamically assigned IP
addresses, the IP address in the header will no longer be valid.

For example, suppose my computer is called mybox.dyndns.org.  I always
make sure that the DNS name points to my IP address.  Thus, I publish
"+a -all" as my SPF2 record.  If my ISP switches my IP address every
day at midnight, and you read my mail the following day, you will
extract an old IP address from the Received header and therefore deem
my mail a forgery.

One of the objections people have raised to both SPF and to Sender ID
is that they are bad for individual domain-name owners, and only work
for large organizations.  Until now, I thought there were no grounds
for such an objection--just people who didn't understand what was
really going on.  If, in fact, Microsoft is thinking of implementing
something in Outlook that would essentially freeze out people with
dynamic IP addresses, I actually find that quite alarming.  If people
knew this, I think you would find a lot more technical objections to
Sender ID.

David
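
The failure mode described in this message, as an added example that is not part of the original post and not the prototype it discusses: a Python sketch of the three-step MUA check in which the "+a -all" record is evaluated against the A record live on a chosen day. The A-record history, the IP addresses (documentation ranges), the relay name `mx.example.net`, the mail address, the choice of the topmost Received header as the boundary hop, and the simplified PRA header order are all constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr

# Constructed A-record history for the dynamic host (documentation IP ranges):
# the ISP reassigns the address at midnight and the DNS name follows it.
A_HISTORY = {"mybox.dyndns.org": {date(2004, 9, 3): "192.0.2.10",
                                  date(2004, 9, 4): "198.51.100.77"}}

# Constructed message; the topmost Received header is assumed to be the hop
# where the mail entered the reader's organization.
RAW = """\
Received: from mybox.dyndns.org (mybox.dyndns.org [192.0.2.10])
\tby mx.example.net; Fri, 3 Sep 2004 09:55:50 -0700
From: David <david@mybox.dyndns.org>
Subject: constructed sample

body
"""

def boundary_ip(msg):
    """Step 1: client IP recorded by the boundary hop's Received header."""
    top = (msg.get_all("Received") or [""])[0]
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    return m.group(1) if m else None

def pra_domain(msg):
    """Step 2, simplified: domain of the first header present in this order."""
    for name in ("Resent-Sender", "Resent-From", "Sender", "From"):
        if msg[name]:
            return parseaddr(msg[name])[1].rpartition("@")[2].lower()
    return None

def check_a_all(domain, ip, lookup_day):
    """Step 3 for the record "+a -all": pass only if the A record that is
    live on lookup_day equals the IP taken from the Received header."""
    live = A_HISTORY.get(domain, {}).get(lookup_day)
    return "pass" if live is not None and live == ip else "fail"

def verdicts(raw, received_day, read_day):
    """Return (verdict at receipt time, verdict when the MUA checks later)."""
    msg = message_from_string(raw)
    ip, domain = boundary_ip(msg), pra_domain(msg)
    return check_a_all(domain, ip, received_day), check_a_all(domain, ip, read_day)

if __name__ == "__main__":
    print(verdicts(RAW, date(2004, 9, 3), date(2004, 9, 4)))
```

The message passes when the A record is resolved on the day of receipt and fails when it is resolved a day later, although nothing in the message changed.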

