Re: draft-schlitt-spf-classic-01.txt
Douglas Otis <dotis@xxxxxxxxxxxxxx> writes:
> You can not prevail on an assumed record scope. Both Sender-ID and SPF
> attempt to transform "server authorization" into "sender
> authentication." If I were to authorize an email provider, would that
> mean any message using my email domain from that provider be from me?
I cannot comment on Sender-ID, but as I understand it (as the one who
publishes SPF records for the domain) SPF does not attempt to do this. An SPF
pass does *NOT* indicate that the mail is genuinely from the domain (though in
the cases of the domains I control it probably does as I also control the mail
servers), but an SPF fail indicates that the mail is definitely NOT genuinely
from the domain. So an SPF pass should not be counted as sender
authentication; even DomainKeys does not do this (it only authenticates the
domain and that the mail has not been 'tampered with') - if you want to
authenticate the sender you will have to use an MUA cryptographic system like
S/MIME or PGP/MIME etc.
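
The pass/fail distinction discussed in this message, as an added example that is not part of the original post or of any SPF implementation: a minimal Python evaluator handling only the `ip4` and `all` mechanisms. The records, addresses and the simplified `check_host` helper are constructed for illustration; the point is that the result depends on the connecting IP and the domain, never on the local part of the address.

```python
import ipaddress

# Constructed records (documentation address ranges), not real published policy.
RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",  # authorizes a shared provider range
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, sender):
    """Evaluate a record's ip4/all mechanisms for the connecting IP.

    Only the domain part of `sender` is consulted; the local part is never used.
    """
    domain = sender.rpartition("@")[2].lower()
    record = RECORDS.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside the scope of this sketch
    return "neutral"  # no mechanism matched and no "all" term present
```

Two different local parts at `example.org` sent from the same authorized address both evaluate to `pass`, while the same domain from an unlisted address evaluates to `fail`.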