On 10/13/04 7:48 PM, "Meng Weng Wong"
<mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> wrote:
On Wed, Oct 13, 2004 at 05:13:30PM -0400, John Glube wrote:
| * I appreciate some will argue there are lots of benefits
| of simply moving ahead with Microsoft. I appreciate this
| position, however if that were the case, mail from and pra
| would have made it through last call without MARID being
| shut down, with mailfrom and pra checking now on the
| standards track. However, that is not the case. Instead
| what happened is the whole process "blew up," over an
| attempt by Microsoft to simply take over the whole thing.
I'll send out a more detailed summary of my recent
discussions with MS when I get the time, but for now I
should raise the point that the latest versions of the
"core" drafts I saw from MS now treat both mail-from and PRA
on an equal footing, saying that receivers can check either.
So I think that if MARID had gone on for another week, the
latest revision of Sender ID might be much more acceptable
to the group.
I don't know if this point has been brought up before, but
it changes things significantly.
AOL agrees with Meng :-)
The only remaining issue for some organizations may be the licensing and
patent application "issues".
From AOL's perspective we do not have an issue with the patent specifically
as we are a big company with lots of patents and are confident in our
ability to defend ourselves. We also know MSFT has only APPLIED for a patent
and has not been awarded one and in fact may need to revise it due to its
rather general language.
On the license, we have never had an issue as we don't resell software
except maybe for the iplanet stuff which is minor right now. And we are
confident MSFT would not try and submarine us with a change in the license
later on. MSFT has told us this emphatically and even published some
information which would make it hard for them change the license and to make
claims later on if they even wanted to.
Our concern really stems from the fact that others have concerns. And those
concerns :may: slow adoption. This would be a downside as SID and other
technologies really rely on wide-spread adoption to be effective.
But for now, we do like the changes Meng spoke of above - support for PRA
and mail-from and backwards compatibility with the v1 and v2 records.
AOL is building our SPF checking as well as SenderID 822 FROM domain
checking into our MTAs right now. We will not have full PRA checking done in
2004. We are also going to be able to do some sort of CSV checking on the
EHLO string using existing SPF DNS records (the CSV spec asserts a new text
record and we may adopt that in the future).
We are also looking to try DK signing outbound in Q1 2005. We hoped to do it
in 2004 but found that we could not do it without a development cycle.
All in all, we are happy with the direction of the authentication
technologies and hope that late 2004 and the first month2 of 2005 can
provide a lot of valuable testing data.
-Carl
--
Carl Hutzler
Director, AntiSpam Operations
America Online Mail Operations
cdhutzler(_at_)aol(_dot_)com
703.265.5521 work
703.915.6862 cell