Re: [tlug] SPF info

[Evan Monroig <evan.monroig@example.com>]

On 7/30/06, Jim <jep200404@example.com> wrote:
> Just more things to look at:
> 
>    http://www.google.com/search?q=spf+patent

Jim, thank you very much for your answer !

I am not sure if I understand the full story, but as far as I have read,
there is a SPF standard, developed by a group of individuals [1] and
promoted by openspf.org and is now RFC 4408, and there is SenderID, a
Microsoft protocol derived from SPF and defined is RFC 2822.

Now, on openspf.org [2], it is written that SenderID is independent from
SPF (and yet they have syntax sort of implying that it is SPF2), and
that its specification violates the SPF specification.

Finally to the "spf+patent" search. Article [3] was a very interesting
reading. The beginning says:

 The IETF MARID working group has been slogging away all summer trying
 to produce a draft standard about e-mail sender verification. They
 started with Meng Wong’s SPF and Microsoft's Caller ID for E-mail,
 which got stirred together into a hybrid called Sender ID.

and the rest is a discussion on Microsoft's patent application.

The article is from September 2004, and I know from openspf.org that the
MARID working group "failed" (whatever that means. My guess is that they
couldn't produce the standard that the group was set up for).

So to me, the story is that the current standard for email sender domain
verification is SPF, and that for individual sender verification, we'd
better use GPG...

Any thoughts?

Don't hesitate to correct me: I am not very familiar with the subject
and am trying to have a better understanding.

Evan

[1] http://new.openspf.org/Press_Release/2005-03-23
[2] http://new.openspf.org/SPF_vs_Sender_ID
[3] http://www.circleid.com/posts/an_analysis_of_microsofts_marid_patent_applications/