spf-discuss
[Top] [All Lists]

Re: Re: spf-statement-on-SenderID

2004-12-15 10:32:17
In <066f01c4e124$768d71f0$874b573e(_at_)idimo2> "jpinkerton" 
<johnp(_at_)idimo(_dot_)com> writes:

Hear, hear !   I've been saying this for ages - stop dealing with a problem
that is not ours - it's Sender-ID's problem.

When SenderID is being marketed as the successor to SPF and when the
problems with SenderID are used to discredit SPF, then it becomes our
problem.


For example, at the FTC email authentication summit, in the beginning,
one of the FTC folks (the commissioner?) said that he thought SenderID
had pretty much taken over SPF and so SPF didn't need to be
considered.  (My memory is somewhat foggy, and no transcripts have
been published yet, so I can't give an exact quote.  It was something
pretty close to this idea though.)

As another example from the FTC summit, see this:

Page 4:  "SPF vs Cryptographic Encryption"
         Drawbacks to SPF:  Weaknesses in the Purported Sender Algorthims

This is exactly what I'm talking about with confusion in the market
between SenderID and SPF and how, in front of the FTC, SPF got
tarnished with SenderID problems.
http://www.ftc.gov/bcp/workshops/e-authentication/presentations/11-9-04_brown_ColdSpark.pdf





See http://spf.idimo.com/other_protocols.html

I very much dislike your opt-out solution to the problems that the PRA
causes as expressed on that web page.  Instead of warning domain
owners that they need to opt out of SenderID, you should be warning
users of SenderID about the limits the PRA and how there are known
cases where SPF will work but SenderID won't.



-wayne