On 6/8/2005 12:37 AM, John Levine wrote:
I am all in favor of sender authentication, if it's real sender authentication.
I don't disagree with anything you said, and I certainly agree with your closing sentiment. Having said that, SPF and Sender-ID are useful as another hammer in the bag-o-tricks, even if they aren't useful for everybody, or if they don't solve everything, or if their authors misrepresent the technology, or any of the other number of things that you didn't mention. At the least, being able to say that mail from my domain is really only from me if it came from my fixed server[s] is very useful, even if it does nothing else. They are useful as proof-of-concept works, too. There have been many demands to produce something like SPF/Sender-ID for many years (myself included), and just having them out there is useful for research and analysis purposes. Without them, folks would still be arguing to produce them, at the least. As you've argued on ASRG yourself, the research is worthwhile in and of itself, even if it produces something unexpected. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/