On Wed, Feb 25, 2004 at 05:43:15PM +0100, Ernesto Baschny wrote:
|
| Meng, could you write up a comparison table between Caller-ID and SPF? I
| have seen plenty of similarities and some crucial differences. You could
| also weight the (dis)advantages of each difference.
|
On a purely technical level there are a number of factors for comparison.
- can you detect spoofs before DATA to save bandwidth?
- suppose one user wants to do spoof checking, and another
does not, because he gets forwarded mail from a noncompliant
forwarder. How do you support this per-user flexibility?
- how does it interact with whitelisting schemes?
- can it support (sender-side) per-user lookups?
- what is the marginal DNS cost of a positive uncached query?
- what is the marginal DNS cost of a negative uncached query?
- what is the marginal DNS cost of a positive cached query?
- what is the marginal DNS cost of a negative cached query?
- ... previous four questions, but with per-user and per-ip macros?
- how extensible is the syntax?
- does it attempt to attack phishing?
- does it attempt to attack joe-jobs?
- how successfully does it attack phishing?
- how successfully does it attack joe-jobs?
- how easy is it for spammers to try to game?
- for best results should you implement it in the MTA or the MUA?
- what do forwarders have to do?
- do you have to keep a spam folder?
- what happens to false positives?
- what happens if the recipient is over quota ...
- if the message is a spoof?
- if the message is not a spoof?