Subject: Re: AOL on Sender I.D..
Newsgroups: gmane.ietf.mxcomp
Date: 2004-09-16 19:34:20 GMT (3 years, 41 weeks, 5 days, 10 hours and 13 minutes ago)
> We do welcome any statements directly from AOL or any network > operations group regarding their plans for Sender ID or CSV. However, > we ask that they respect the fact that this is a discussion list and be > prepared to answer any technical questions that may arise from their > statements. > > -andy, MARID co-chair We remain committed to sender identity technologies. We intend to begin beta testing SPF on our inbound systems very soon (weeks from now). SPF is low hanging fruit that will benefit AOL and many other domains although it will not work for 100% of the mail we receive. But it will work for >80% of the mail we receive and that is good enough for a first strike. We also believe that the best way to secure the 822 FROM address is a content signing approach which is out of the scope of this working group. We hope to see a new group formed to tackle the issues in this arena. DomainKeys, IIM and TEOS are all reasonable technologies in this arena. We are sure their will be more which is a good thing for a working groupWe remain committed to other IP based approaches and see a lot of benefit to the "newer" CSV idea. AOL already gets >85% of our spam from other ISPs main outbound MTAs. SPF, SenderID, and Domainkeys will not change that as this mail also uses the legit domain of that local ISP in the 821/822 headers. CSV and certain best practice documents (BCPs) shift the responsibility to the sending organization for the mess they create through their insecure networks and insecure practices (like lack of SMTP AUTH of any form, lack of any outbound controls, inability to suspend accounts, insecure web servers, etc). -Carl -- Carl Hutzler Director, AntiSpam Operations America Online Mail Operations cdhutzler <at> aol.com 703.265.5521 work 703.915.6862 cell