Last week at ISPcon in Washington DC, I presented SPF (and helped
present Caller-ID).
Here are some slides from that presentation. Click on the
right-hand-side of the image to move forward.
I first presented an overall positioning diagram showing how SPF,
Caller-ID, and crypto approaches fit together.
http://spf.pobox.com/slides/ispcon-dc/3000.html
I also squeezed in an economic argument for cost-shifting from receivers
to senders which should appeal to MBA types:
http://spf.pobox.com/slides/ispcon-dc/2010.html
One implication of this cost-shifting is, of course, that there will be
a growing market focus on outbound filtering, to combat the zombie ->
ISP-MTA -> victim scenario. This scenario is the subject of AOL's "2nd
Received: header" filtering technology.
* * *
Separately, I looked at the ways you can combine the subject of
authentication with the method of authentication:
http://spf.pobox.com/slides/crossingbeams/0100.html
(To complete the enumeration, if we draw a line between Return-Path and
Crypto, you get SES. Seth, I hope this shows that I am not ignoring it;
I am just not confident that the tradeoffs in the SES-only approach will
be palatable to large ISPs.)
I should do another set of slides showing how signatures have evolved
from the body to the attachment to the header to the return-path.