ietf-mxcomp
[Top] [All Lists]

Re: So here it is one year later...

2005-01-31 15:16:35


On Mon, 31 Jan 2005, wayne wrote:

DK and SPF have different failure modes. I don't think this is a 
competition situation. A system with both schemes is much more 
effective than either on its own.

I completely, 100% agree and I can not emphisized this enough.  I see
things like SPF and crypto systems as complementary systems, not
competing systems.  I'm sorry I forgot to mention that.

The are complimentary but they work and protect different parts of email
message. That means each one must be able to work on its own independant 
of the other one and authentication should work properly on each layer.
You can not have failure scenario of one system being depdending on the
authentication in another layer - this is just a bad security architecture.

That means if we want to use SPF and mail signatures for anything other 
then whitelisting (i.e. to get rid of actual bad messages and find bad
senders), we must find ways to deal with SPF forwarding problems on the 
SMTP session layer and must have MASS signatures that work with mail lists. 

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net


<Prev in Thread] Current Thread [Next in Thread>