On May 3, 2008, at 3:44 PM, Frank Ellermann wrote:
SM wrote:
SenderID and SPF does not authenticate the sender.
For starters they have different concepts of "sender", PRA and
envelope sender, and RFC 4408 section 10.4 offers references (AUTH +
SUBMIT) for folks wanting more.
Agreed. Neither SenderID or SPF offers authentication. Both of these
schemes provide a method for domains to _authorize_ IP addresses used
by SMTP clients. This can not be described as authentication since
SMTP clients are often shared by more than one domain. This scheme is
fully dependent upon secure routing through questionable boundary
issues. In addition to the section 10.4 references, DKIM is another
possible choice.
-Doug
_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf