On Tue, 11 Jan 2005, Koen Martens wrote:
On Mon, Jan 10, 2005 at 05:38:50PM -0500, Stuart D. Gathman wrote:
I would not bring up those particular facts. I would point out that:
- SPF and SenderID are different protocols that authenticate
completely different parts of an email (envelope vs. headers),
and should not be confused.
Perhaps someone should then also edit this text on
http://spf.pobox.com/:
' SMTP + SPF
Sender Policy Framework
an essential part of Sender ID '
Yes they should. You could argue that using both SPF *and* SenderID
form a better system than using either alone. The phrase
"an essential part of Sender ID" implies that the name "Sender ID"
includes both SPF and the patented rfc2822 checking protocol proposed by
Microsoft. However, the actual proposal from Microsoft *only*
checks rfc2822 headers. It does not, in fact, include SPF.
(And we would *really* be screaming if Microsoft claimed that they
have a patent on SPF.)
So the slogan should be something like, "SPF and Sender ID - working
together to stop email forgery". (Assuming you consider Sender ID
actually useful.)
Perhaps what the web page author meant by "part of" is that a good
system would start by implementing SPF as a foundation, then add
Sender ID to authenticate 2822 headers. However, that is not what
the slogan says to me at first glance.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.