Re: (DEPLOY) In Support of Sender ID
On Fri, 3 Sep 2004, Graham Murray wrote:
> Rand Wacker <rand@xxxxxxxxxxxx> writes:
>
> > As I said before, there is a large majority of mail that goes from large
> > commercial sites (or consumer ISPs) merely one hop to another large
> > commercial ISP, so the From: header will be successfully authenticated.
>
> In the case of sending from a large ISP (and that includes commercial
> sites who outsource email) that is not true. Unless the ISP does
> additional checking then Sender-ID (and SPF) still allows a customer
> of the ISP to forge the mail as coming from any other customer of that
> ISP.
Sorry, I should have said "the domain of the From: header". Such is the
limitation of doing domain-based auth. The limitation of doing user-based
auth is a high barrier to deployment.
-Rand
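
The limitation discussed in this exchange, as an added example that is not part of the original thread: a domain-level check passes for any customer behind the ISP's shared outbound range, and only an ISP-side check tying the authenticated account to its own domains tells the two cases apart. The domains, addresses, account names and the `ACCOUNT_DOMAINS` table are constructed, and the evaluator handles only the `ip4` and `all` mechanisms applied to the From: domain.

```python
import ipaddress

# Constructed sample data: two customers of one ISP publish SPF records that
# both authorize the ISP's shared outbound range (documentation addresses).
SPF_RECORDS = {
    "alice.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "bob.example": "v=spf1 ip4:192.0.2.0/24 -all",
}
# Hypothetical ISP-side table: submission account -> domains it may send as.
ACCOUNT_DOMAINS = {"acct-alice": {"alice.example"}, "acct-bob": {"bob.example"}}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip):
    """Domain-level check: evaluate only ip4 and all (a subset of SPF)."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qual]
        elif term == "all":
            return QUALIFIERS[qual]
    return "neutral"


def from_domain(from_header):
    """Extract the domain from 'Name <user@domain>' or 'user@domain'."""
    addr = from_header.rsplit("<", 1)[-1].rstrip(">").strip()
    return addr.rsplit("@", 1)[-1].lower()


def isp_submission_check(account, from_header):
    """The 'additional checking': the account must own the From: domain."""
    return from_domain(from_header) in ACCOUNT_DOMAINS.get(account, set())


def evaluate(account, from_header, client_ip):
    """Return (receiver's domain-level result, ISP's per-account result)."""
    domain = from_domain(from_header)
    return spf_check(domain, client_ip), isp_submission_check(account, from_header)
```
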