David Woodhouse <dwmw2(_at_)infradead(_dot_)org> schrieb/wrote:
All we're doing is offering a way for sending mail hosts to offer an
arbitrary 'trust key' of their choice, which the recipient can then
look up in a database.
As long as there's a way of checking that the host in question really is
an authorised user of that 'trust key' it doesn't matter _what_ it is.
This observation raises an important question: Why should building a
database based on a 'trust key' reduce spam?
The most obvious 'trust key' is the IP address of the sending MTA.
Databases based on the IP address have already been built and are in
production use. They do reduce spam but there is still a lot of spam
that gets through.
If Sender ID/SPF just changes the key from 'IP address' to something
else, then I don't see how it can reduce spam UNLESS spammers can't
change that key as easily as IP addresses. With domain-based keys, this
is not the case: It's actually easier to register a throw-away domain
name than to get a new block of IP addresses.
Well, IP address-based databases have some problems on their own, which
may or may not have hindered deployment (e.g. the server behind a DSL
`dialup'' line). But SPF has similar problems.
Claus
--
http://www.faerber.muc.de