On Fri, Aug 13, 2004 at 08:42:38PM +0200, jpinkerton wrote:
We must do what we can, but that does not include spending e-mail users
money on things like SSL. Simple SPF is the way forward (for now) - once it
is totally implemented across the web, and I think that is the real goal of
the SPF project.
While I agree with your first statement, I don't agree with the second.
I side with Meng in that SPF alone is not sufficient. There must be
some way to track behavior of mail senders as well -- a reputation
system. In Meng's aspen webpage, however, he mentions reputation
several times, but places all the weight on accreditation, and does not
discuss how or where reputation enters into the picture. I take an
opposing stance: accreditation is unnecessary, but reputation is a
necessary additional component.
--
Mark C. Langston GOSSiP Project Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org http://sufficiently-advanced.net
mark(_at_)seti(_dot_)org
Systems & Network Admin Distributed SETI Institute
http://bitshift.org E-mail Reputation http://www.seti.org