On 2/21/08, Stephen J. Turnbull wrote:
C'mon, Mark, you know that the only problem here is that there's no accepted standard; they have to authenticate "you" somehow (do you really want me to be able to spoof you and get information about your mail to Yahoo customers?), and the right "you" to authenticate is the apparent source of allegedly objectionable mail. So it's going to be SPF or DomainKeys or something like that.
But SPF (and similar technologies) and DomainKeys (and similar technologies) are both inherently broken in the general case. Sure, there are specific cases where sites like BankOfAmerica.com can use them (and to everyone's benefit), but they're too easy to set up incorrectly (on both sides), and they break too many other parts of how e-mail is supposed to work.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>