spf-discuss

RE: Re: DEPLOY: SPF/Sender ID support in Courier.

2004-08-27 21:23:16
On Fri, 27 Aug 2004, Jake S wrote:

> I enjoy SPF - the email type not the sun block type - it works for me and my
> small company but I rely on courier for our business.  If Sam cannot support
> the future incarnation of SPF (SenderID if I'm correct) then I can't either
> and I'm fairly certain that courier has a fairly large install base.  How
> should we go about this and / or deal with this statement?

Continue enjoying SPF.  Unlike SPF, SenderID has never been tested - we don't
know whether it is truly an improvement.  SenderID is encumbered by the
M$ patent (which seems like another stupid one to me - to see who purportedly
sent the message you ... duhhhh ... let me see .... duhhh ... look at
the headers?  I would have never thought of that!).  So just ignore it
until:

  a) it has actually been found to work
and
  b) it is unencumbered

The patent is only required to check senderID.  If a bunch of PHBs buy
into it, you'll still be able to comply for sending.

Furthermore, SPF authenticates the RFC2821 MAIL FROM header (and/or
HELO in some variations).  SenderID authenticates one of the RFC2822
headers - chosen by inspecting a patented subset of them in a patented order.
There are other RFC2822 authentication schemes in the running.
For instance Domain Keys.

Regardless of which RFC2822 method ends up becoming standard - you
will still want to do SPF for RFC2821.  You want to screen out
spammer and zombie MTAs as early as possible.  The RFC2822 checks
are much more expensive.

Finally, I have no problem understanding SPF (and its predecessors
like RMX).  I have no problem understanding how DomainKeys works.  But I still
don't understand how senderID meaningfully authenticates anything in the
RFC2822 headers.  Perhaps I'm just dense - or perhaps the Emperor is naked.

I'm no politician, but it seems that we need to convince 
mail senders to publish SPF in addition to whatever senderID ends up
needing.  It authenticates the MTA, which is needed in addition to
RFC2822 validation.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.