spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Is SPF Authenication or Authorization?

2004-09-21 09:08:04
from [Meng Weng Wong] [Permanent Link] 
On Tue, Sep 21, 2004 at 03:13:30PM +0000, Mark wrote:
| >
| >A receiving MTA checks SPF in order to authenticate the sending MTA.
| >
| >If the check passes, the receiving MTA can use this authentication
| >data point as part of its authorization algorithm.
| 
| Wrong. SPF *authorizes" a relay. It does not authenticate anything.
| 

http://www.imc.org/ietf-mxcomp/mail-archive/msg00164.html

  I think the confusion between "authentication" and
  "authorization" arises from perspective.

  From the sender domain's point of view, the SMTP transaction
  is authorized or unauthorized.

  From the receiver's point of view, the sender is
  authenticated or unauthenticated.

  To the tall, the average man is short.

  To the short, the average man is tall.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Article on Microsoft patents and Caller ID, Chuck Mead
Next by Date:  RE: Article on Microsoft patents and Caller ID, william(at)elan.net
Previous by Thread:  Re: Is SPF Authenication or Authorization?, Mark
Next by Thread:  Re: Is SPF Authenication or Authorization?, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]