On Sat, Sep 11, 2004 at 02:48:14PM -0700, Daniel Quinlan wrote:
Agreed. If "mailfrom" is the only other scope, then I suspect Apache
SpamAssassin, Apache James, and perhaps other open source
implementations will wholly reject Sender ID.
Maybe that's what some people want. I'm perplexed by this whole
direction.
It is the opinion of this participant that the mailfrom scope will not
reach consensus. unless it also allows for the helo scope to be
checked and thus be compatible with SPF-classic. SPF-classic is the
current defacto standard and I think standardizing existing practice
is the easiest way to reach a consensus.
Agreed, a "helo" scope should be explored.
Given that we're treading down this path, I'm wondering if it wouldn't
be best to specify a range of scopes that cover the major elements of
information supplied in both RFC2821 RFC2822. Then, if people wish to
combine certain scopes in particular ways to provide unique solutions,
and/or wish to patent these approaches, that's up to them. The
documents would become references for what should be checked, and how.
However, at that point, I think we'd be writing best practices for
RFC2821 and RFC2822 checking for various types of abuse: spam,
joe-jobbing, etc., as well as specifying mechanisms that aid in these
"atomic" information checks.
--
Mark C. Langston GOSSiP Project Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org http://sufficiently-advanced.net
mark(_at_)seti(_dot_)org
Systems & Network Admin Distributed SETI Institute
http://bitshift.org E-mail Reputation http://www.seti.org