>>>>> "Hal" == "Hal Finney" <hal@xxxxxxxxxx> writes: Hal> There are three proposals getting widespread attention, with Hal> overlapping names and technology: SPF (Sender Policy Framework, aka Hal> Sender Permitted From), Microsoft's SenderID (aka "Caller ID for Hal> Email"), and Yahoo's DomainKeys. Hal> SPF and SenderID, from a distance, are almost the same. In fact Hal> the proposals got merged. AFAIK, Microsoft's original proposal was called CallerID, and the merged proposal is called SenderID. Hal> They both propose to use DNS records to list which mail servers are Hal> allowed to send mail purporting to come from a particular host. Hal> Much spam these days fakes the "from" address in a really obvious Hal> way; when you look at the mail headers you see something claiming Hal> to come from your best friend and it actually came from a server in Hal> Russia or somewhere. SPF and SenderID would stop this kind of Hal> spam. However they have problems with people who have legitimate Hal> needs to send mail from a wide variety of mail servers (what Eric Hal> called "legitimate forgeries", although I'm not sure that's the Hal> best phrasing!). SPF prevents forgery of the envelope-from (which is usually seen in the Return-Path header), not the From header. (Envelope from is what gets sent to the mail server during the SMTP negotiation.) Hal> DomainKeys is completely different and involves cryptographic Hal> signatures. I don't know much about it. Me neither. Hal> Microsoft says they may have patents pending on SenderID, and the Hal> recent dispute has been about the nature of the patent license Hal> which Microsoft is offering. It is a relatively generous license, Hal> as patent licenses go, but it is not completely free as the open Hal> source community requires. or as a standard would/should require. Hal> What most commentators seem to be missing is that people can't just Hal> tell Microsoft to get lost and proceed with SPF. The proposals are Hal> so similar that it is likely that some of Microsoft's patent Hal> applications will cover SPF. ... I don't know. SPF seems pretty obvious, and people have been talking about similar things for quite a while (e.g. RMX). I can't see any patent holding up if it really does apply to SPF. But then, that's without knowing anything about what patents Microsoft has or is applying for. -- Hubert Chan <hubert@xxxxxxxxx> - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.