CircleID

Thank you for sharing an outstanding interview with Meng Wong. I very much look forward to reading Part II and beyond.

Meng's work and ability to garner support within the industry is amazing. While SPF alone does not solve the problem, it is without question the best step forward, from a global infrastructure standpoint, that has been made to date. I applaud Meng for accomplishing a feat that many thought was impossible.

I would like to add that Sendio, Inc. (http://www.sendio.com), provider of the world's only licensed Sender Address Verification (SAV) anti-spam appliance, has incorporated SPF. In the future, please include Sendio in your list of companies in support of SPF.

While the jury is still out on the impact that SPF alone will have on the problem of spam, we are confident that with the addition of the SPF component, Sender Address Verification (SAV) is without question the most effective solution to stopping spam available today.

I'm surprised and pleased to learn that the SPF folks were aware of my work (MAIL-FROM) in this area. I would like to correct two misimpressions, and share an observation.

First, MAIL-FROM always used what Meng Weng calls the "return path", see section 2.3 of my proposal where it refers to RFC2821 (which describes the envelope, not the header) and the pseudo-code which refers to "MAIL FROM:<>" which is an envelope ("return path") artifact. In fact, the very name of my proposal ("MAIL-FROM") pertains to the SMTP verb (MAIL FROM) used to express what Meng Weng calls the "return-path identity".

Second, this idea is not original with me. I finally wrote it up and identified the corner cases in 2002, because I was cleaning out my inbox and found mail which Jim Miller had sent me describing the basic idea in 1998. I very much wish that I had jumped on this in 1998 when I first heard about it, and that the community had implemented this before Y2K, so that e-mail could be nearly forgery-free by now. Instead, the IETF ASRG is still trying to merge the merged CallerID/SPF proposal with some other competing work, and the final result is very much an open issue.

Finally, an observation. After co-founding MAPS and turning that crank for a number of years, I know that spam is "like a drug" in that people will go to almost any lengths, no matter how absurd, to send more of it. No "designated sender scheme" will ever be able to cut down the amount of spam that's sent, or received. All it can do is help domain holders avoid the brand dilution of having their domain name forged by spammers. This is a valuable contribution, but we must make it clear that none of these schemes will stop or even slow spam, and that their benefits accrue to domain holders, not to spam recipients.