On Sat, 2004-09-18 at 12:34 +0100, Roy Badami wrote:
> I don't think that's true. The domain/IP verification schemes
> directly address forgery, in a way that CSV doesn't. Think about
> Sender ID as a tool for senders who (for whatever reason) want to be
> able to prevent others from sending forged mail claiming to be from
> them.

I do not think of Sender ID in that way. There are true end-to-end
schemes which address that problem reliably through multiple hops, and
without requiring that the world at large upgrade to make their flawed
assumptions come true.

To offer Sender ID as a true solution to the problem of forgery is
disingenuous. It is not a general solution to that problem.

> As a tool for recipients, Sender ID and CSV both provide a hook on
> which to hang reputation and accreditation systems, and I'm agnostic
> as to which will work better in the real world, though my feeling is
> that they may in fact turn out to be complementary.

I agree that the various reputation and accreditation systems,
maintained by different people with different criteria, will be
complementary. We've already seen that with the various IP-based
systems.

However my feeling is that the availability of different _keys_ into
such databases would be purely redundant. While the use of IP addresses
has its problems, I feel that _any_ key which we can _reliably_ tie to
the owner of the MTA in question would suffice as a replacement.

In fact, I feel that the presence of redundant schemes for identifying
such 'keys' would be counterproductive, because it would lead to the
separate implementation of different databases which have the _same_
criteria for listings, but different keys.

--
dwmw2