The Differences Between Caller
ID and Sender Policy Framework Plans"> One difference between the schemes is that with Caller ID the entire message is read, allowing the comparison to the valid sender addresses to be performed against the full header information. This could allow for a better analysis, and opens up the possibility that a modified e-mail client could be involved in the decision-making. The downside is that under Caller ID the Message Transfer Agent necessarily reads more spam than with Sender Policy Framework, wasting bandwidth and memory.Some critics have argued that the verbosity of XML will cause problems with the DNS protocol which is typically performed with User Datagram Protocol (UDP) and limited to 512-byte packets. Microsoft responded that its kept the XML vocabulary terse and the tags very small, and that there is a mechanism in the specification by which commands can span UDP datagrams. Sender Policy Framework has already been adopted by a large number of domains (7,693 as of February 24), including some famous destinations such as Symantec.com, Motleyfool.com and Oreilly.com. However, of all the domains currently advertising Sender Policy Framework records in their DNS, the one that really matters is Aol.com. With Microsoft implementing the Caller ID plan and Yahoo touting its own Domain Keys proposal, the good news is that all three of the largest mail providers in the United States are committed to SMTP authentication. The bad news is that they are committed to three different implementations. Bill Gates is correct that the Internet will become a test laboratory for the next few months, as major ISPs, ISVs and corporations evaluate the alternatives. The only mechanism for determining the winner will be standards groups such as the Internet Engineering Task Forces AntiSpam Research Group (ASRG), which moves at a speed unworthy of the Internet. And then theres the loosely-knit association between Microsoft, AOL, and Yahoo! on spam control. In other words, its up to the big boys now. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Be sure to check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, views and analysis. Be sure to add Our eWEEK.com Security news feed to your RSS newsreader:
More from Larry Seltzer
Microsoft also argues that its use of XML to encode the DNS record information is more forward-looking, in that XML was designed to encode systems like this.