Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Micorsoft's Sender ID Authentication......?

  • From: Steven M. Bellovin
  • Date: Wed Jun 08 11:33:45 2005

In message <BECC768F.C3FD%dgolding@burtongroup.com>, Daniel Golding writes:
>
>
>Reputation is a missing element in all sender authentications schemes and
>will (likely) be solved separately.
>
>No approach is perfect, but building closer to a solution is preferred over
>sitting on our hands and debating, which (historically) seems to be the
>IETF's approach.

I'm not a fan of authentication as an anti-spam technique (see my 
Inside RISKS column for details).  That said, if you're going to use 
the concept there are good and bad ways to do it.  SPF (and hence 
Microsoft's scheme) are really lousy ways to do it, for the reasons 
John gave.  Beyond that, a lot of people at the IETF had the 
impression, rightly or wrongly, that Microsoft was trying to use its 
patents as another weapon to use against open source software.

The IETF isn't nearly as nimble as it should be, but rushing to adopt a 
bad solution is not a good idea.  

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.