Email Sender ID: It’s not dead yet

12

Author: Joe Barr

There is currently some confusion over the status of Sender ID in the IETF’s MARID working group which has been considering the proposed standard. NewsForge has gone to directly to the source to clarify reports that Sender ID is a dead proposal. It is not. It is very much alive. Here is what we’ve learned.

We asked the author or the SPF proposal, Meng Weng Wong, if he agreed with recent reports on Slashdot and elsewhere that Sender ID is dead as far as the IETF is concerned, and that “classic SPF” will replace it.

Wong replied:

No, I think they’ll both go ahead.
Sender ID is for MUAs, so it’s a natural choice for Microsoft. SPF and its evolutionary successors are for MTAs, so they are a natural choice for opensource. So I think we’ll be
fine overall.”

We also asked Yakov Shafranovich — who co-chaired the Anti-Spam Research Group
which worked on the SPF proposal before it was passed to the IETF last year —
the same question. Yakov replied:

I do not. The MARID co-chairs have made it clear that PRA and Sender-ID
is not dead. The consensus of the MARID WG is that Sender-ID in its
current form, restricted to PRA only, is not acceptable. However, the
compromise that Andy Newton floated allows for both PRA and MAIL FROM
checking, which is something that the MARID WG is willing to look into.
SPF is not in the picture, but MAIL FROM validation which SPF does is.
It is a small but crucial difference.

Also, the approval of any IETF standard is done by the IESG. The role of
the WG is to develop the draft standard and choose which parts of it
should be forwarded for approval to the IESG. At this time, the MARID WG
went back to the drawing board to work on the compromise solution. There
is still going to be another “last call” period to see if the combined
PRA/mailfrom Sender-ID solution is acceptable to the WG. Even if that
happens and the compromise version of Sender-ID is sent to the IESG, the
IESG will still need to evaluate it before approval, soliciting feedback
from the entire IETF. So this is not over by a long shot.

And finally, we checked with Andrew Newton, co-chair of the MARID Working
Group, asking him for clarification of the issue. He said:

Sender ID, which is a merger of SPF and Caller ID, is still under
consideration. The working group is going forward with a set of
specifications that allow network operators a choice on how to deploy
Sender ID.