spf-discuss

Re: Opening Debate on SPF vs. SenderKeys

2004-08-20 15:07:13
At 05:31 PM 8/20/2004 -0400, you wrote:
> On Sat, 21 Aug 2004, AccuSpam wrote:
>
>> However, consider that supporting "-all" for SPF (in order to give SPF
>> similar anti-forgery power) for all domains is also going to require upgrades
>> to all MUAs in order to integrate with many different flavors of SMTP
>> authentication at many different servers.  At least with SenderKeys, the
>> integration for MUA is very well defined and very simple and uses existing
>> protocols.  The MUA simply POPs (or IMAP) the SenderKeys auto-response,
>> stores the private key and uses it.  SMTP and POP see SenderKeys as just
>> another e-mail, no compatibility issues as there will be with SPF:
>
> SMTP is an existing protocol, very well defined, supported by all modern
> MTAs and MUAs - including pine, mutt, etc.  I haven't seen a MUA that
> doesn't support SMTP AUTH in years.  The only problem is teaching users to
> fill in the server, port, user, and passwd fields (non-trivial with some users,
> I admit).

My Eudora 4 does not support SMTP AUTH.

My mom's use of the email client concurrent with Netscape 4 does not support 
SMTP AUTH.

Just because the current versions of many email programs support it, does not 
mean that all users have upgraded to it.

And as you said, configuring SMTP AUTH in client is not a trivial problem.  It is 
not automated per specification, the way that SenderKeys is automated in the 
client.

Also, not all mail servers support SMTP AUTH.  My relay.pair.com does not.  It 
supports only POP before SMTP.  That is another kind of animal to teach users 
about.  It requires even more understanding to use.  Then you have the issue 
that when I access the internet (at the moment from Asia) I can access relay.pair.com 
because my ISP here does not block port 25, but when I access via earthlink.net 
in USA, then earthlink blocks port 25 and forces me to use their SMTP server.  
So I would have to list both relay.pair.com and mail.earthlink.net in my SPF 
"-all" record, but then what do I do when I need to access from another ISP 
which also blocks port 25?  There is a never ending chain of mail servers I 
have to add to my SPF record, and I could be stuck in an emergency with my 
email being filtered as forgery.

Of course if using SMTP AUTH over port 587, then assuming the ISP has not been 
stupid enough to block that port (many ISPs are ignorant outside the USA, you 
would be enlightened if you travel in the 3rd world..).

Etc...

You think you have it neatly figured out, but the use of SMTP is much more varied 
and complex than you are contemplating.
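
The roaming problem described in the message above, as an added example that is not part of the original post: a minimal offline evaluator for the ip4/ip6/all subset of SPF, run against a constructed "-all" record. The record, the documentation-range addresses standing in for relay.pair.com and mail.earthlink.net, and the function name check_spf are assumptions.

```python
import ipaddress

# Constructed SPF record for a hypothetical roaming sender's domain. The two
# ip4 ranges are documentation addresses standing in for the outbound hosts of
# relay.pair.com and mail.earthlink.net; real records would differ.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record: str, client_ip: str) -> str:
    """Evaluate the ip4/ip6/all subset of SPF (RFC 7208) left to right.

    Mechanisms that need DNS (a, mx, include, exists, ptr) are not handled
    here and raise ValueError, so the example stays offline.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"mechanism not supported offline: {name}")
    return "neutral"  # no mechanism matched and no "all" term


if __name__ == "__main__":
    # Constructed connecting addresses: the two listed relays, then a third
    # ISP's relay that the sender was forced onto and never added.
    for label, addr in [("relay.pair.com stand-in", "192.0.2.25"),
                        ("mail.earthlink.net stand-in", "198.51.100.7"),
                        ("unlisted third ISP relay", "203.0.113.40")]:
        print(f"{label:30} {addr:15} -> {check_spf(SPF_RECORD, addr)}")
```

With "~all" in place of "-all" the same unlisted relay evaluates to softfail rather than fail.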