spf-discuss
[Top] [All Lists]

Re: Is SPF Authenication or Authorization?

2004-09-21 08:13:30
Peter Bowyer wrote:

On Tue, 21 Sep 2004 10:53:41 -0400, jmacdonald(_at_)e-dialog(_dot_)com
<jmacdonald(_at_)e-dialog(_dot_)com> wrote:

I've thought it as Authorization, however the UnifiedSPF slides seem
to say Authentication.

A receiving MTA checks SPF in order to authenticate the sending MTA.

If the check passes, the receiving MTA can use this authentication
data point as part of its authorization algorithm.

Wrong. SPF *authorizes" a relay. It does not authenticate anything.

In SPF terms, authorizing is the process of allowing someone to speak on behalf of an identity; whereas authenticating is verifying that identity. The two are distinctly different.

- Mark

       System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx