CircleID: News from the E-mail Authentication Summit in NYC

Suresh Ramasubramanian ops.lists at gmail.com
Fri Jul 22 02:12:49 UTC 2005


On 22/07/05, Fergie (Paul Ferguson) <fergdawg at netzero.net> wrote:
> Bill Nussey writes on CircleID:
> 
> [snip]

How do you say "that was an email authentication for dummies" session
without actually saying so?

Here's how (my followup on CircleID)

By Suresh Ramasubramanian | Posted on Jul 21, 2005 @ 7:08 PM PST

In the interests of setting several records straight, and making a few
points clearer.

"AOL's spf" is just plain wrong. SPF is by Meng Weng Wong of pobox.com
(http://spf.pobox.com). The most that AOL has done is to use it in a
way that is way out of spec for what it is designed for .. tells large
sites who ask it for a whitelist to consider publishing SPF records,
to automate the updation / maintenance of their whitelist (so if they
add or remove netblocks for their sending of email, the changes can be
picked up from the SPF record). Even that is not necessary - all
people have to do if they don't want SPF is to open a ticket with AOL's
postmaster staff if they want their whitelist updated.

DomainKeys and Cisco's IIM merged as they were fairly similar and
reasonably complementary proposals - with the added advantage that the
considerable experience that Cisco distinguished engineers like Jim
Fenton (the author of IIM) have with IETF operations is brought to bear
in polishing the joint spec.

A balanced set of use cases of SPF and Sender ID, that also documents
the potential gotchas and pitfalls that exist (and show themselves
quite often particularly when people publish restrictive -all SPF
records, and even more when sites treat SPF failures as a blanket
reason to immediately reject email) -
http://www.maawg.org/about/whitepapers/spf_sendID/

More on the blind use of SPF here - something I wrote a few months
back on CircleID. http://www.circleid.com/article/1039_0_1_0_C/

The email authentication summit did not go beyond fairly general
issues, and can be treated as a general introduction / update to the
authentication issue for people who have not been following it very
closely.

You may want to attend MAAWG and IETF meetings - that is where you
will see a clearer picture.
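
The whitelist maintenance described in the post, as an added example that is not part of the original message and not AOL's actual process: diff the literal ip4/ip6 netblocks between two versions of a sender's SPF record. The records are constructed samples using documentation address ranges and the function names are hypothetical; include/a/mx terms need DNS lookups and are only reported here.

```python
import ipaddress

# Constructed sample records (documentation ranges), not real published data.
OLD_SPF = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/25 include:_spf.example.net ~all"
NEW_SPF = ("v=spf1 ip4:192.0.2.0/24 ip4:203.0.113.0/24 ip6:2001:db8::/32 "
           "include:_spf.example.net -all")


def spf_netblocks(record):
    """Return (set of pass-qualified literal networks, terms needing DNS)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets, unresolved = set(), []
    for term in terms[1:]:
        # A leading +, -, ~ or ? is the qualifier; the default is "+".
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term[1:] if term[0] in "+-~?" else term
        name, _, value = body.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if net.version != int(name[2]):
                raise ValueError("address family mismatch in " + term)
            if qualifier == "+":  # only pass-qualified blocks are senders
                nets.add(net)
        elif name != "all":
            # include, a, mx, exists, redirect= ... cannot be resolved offline.
            unresolved.append(term)
    return nets, unresolved


def whitelist_delta(old_record, new_record):
    """Return (added, removed) netblocks as sorted lists of strings."""
    old_nets, _ = spf_netblocks(old_record)
    new_nets, _ = spf_netblocks(new_record)
    added = sorted(str(n) for n in new_nets - old_nets)
    removed = sorted(str(n) for n in old_nets - new_nets)
    return added, removed


if __name__ == "__main__":
    added, removed = whitelist_delta(OLD_SPF, NEW_SPF)
    print("add to whitelist:     ", added)
    print("remove from whitelist:", removed)
    print("needs DNS lookup:     ", spf_netblocks(NEW_SPF)[1])
```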


