Updated list:
I think it would help if a consolidated list of concerns was well as
benefits in regards to SenderID/PRA should be organized. If there is a list
already, please point it out.
Please feel free to confirm, reject, correct or add your own. If you add,
please just itemize it with generalized sentences. If you disagree with one
or more of the list below, please explain why. If you think some can be
consolidated please comment.
Concerns:
- No clear benefits to PRA 2822 extraction is shown.
- No logical reason for PRA algorithm explained
- Higher Payload Bandwidth Potential
- Rejects No Header Payload due to no PRA extraction
- Does not use 2821.Mail From
- Over 80% of transactions, 2822.PRA = 2821.Mail From
- Easily spoofed
- Provides no incentive for adoption
- Provides no incentive for spammer adoption (status quo)
- Does not solve phishing
- Ignores HELO spoofs
- Requires adaptation (change) by MUAs to display PRA
- Requires two SPF records (SPF1 and SPF2.0/PRA)
- Less effective when not used with SPF1
- More difficult to implement
Benefits:
- Microsoft Support for SPF
- Can be effective when used with SPF1
- Can help phishing by displaying the PRA at the MUA
Others?
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com