On Fri, 24 Jun 2005, Hector Santos wrote:
Concerns:
- No clear benefits to PRA 2822 extraction is shown,
- No logical reason for PRA algorithm explained
- Higher Payload Bandwidth Potential
- Rejects No Header Payload due to no PRA extraction
- Does not use 2821.Mail From
- Over 80% of transactions, 2822.PRA = 2821.Mail From
- Easily spoofed
- Provides no incentive for adoption
- Provides no incentive for spammer adoption (status quo)
- Does not solve phishing
- Ignores HELO spoofs
Benefits:
- Microsoft Support for SPF?
- If applied *after* checking SPF classic, AND using records explicitly
authorized for PRA (spf2.0/spf1 op=pra), and NOT to SPF classic
records, *AND* the actual PRA validated is prominently displayed to the
end user, then it helps prevent 2822 phishing for domains that publish PRA
specific records.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.