On Fri, 2004-10-29 at 09:44, James Couzens wrote:
SenderID != SPF. Please don't associate the two.
I agree. How does one establish a mix of divergent approaches? A chain
of trust is broken when each node checks a different mailbox-domain. It
is also seems inappropriate to misapply a record intended for a
different mailbox-domain. Handing multiple accountable identities is
daunting, especially when a change in convention between administrative
domains makes spoofing easy. Correlating the mailbox-domain checked and
then displayed becomes another matter.
Regardless of the mailbox-domain checked, leaving authorization normally
open-ended overcomes present problematic header conventions. Only
institutions dealing with a phishing problem would have an incentive to
tackle closing the authorization list. Changing from an address-list to
a name-list overcomes exploits invited by an open-ended authorization
list as well, as this would imply a separate entity is utilized for
reputation.
-Doug