June 29, 2005

(Experimental != Standard) && (Anti-spoofing != Anti-spam)

The IETF has finally emitted the email anti-spoofing documents for the SPF and Sender-ID protocols. The most important thing is that the two protocols are issued as experimental RFCs, not standards. There is a huge difference, and the IESG tried to make that as clear as possible:

"The following documents  (draft-schlitt-spf-classic, draft-katz-submitter, 
draft-lyon-senderid-core, draft-lyon-senderid-pra) are published simultaneously
as Experimental RFCs, although there is no general technical consensus and
efforts to reconcile the two approaches have failed.  As such these documents
have not received full IETF review and are published "AS-IS" to document the
different approaches as they were considered in the MARID working group.

The IESG takes no position about which approach is to be preferred and
cautions the reader that there are serious open issues for each approach
and concerns about using them in tandem. The IESG believes that documenting the
different approaches does less harm than not documenting them.

The community is invited to observe the success or failure of the
two approaches during the two years following publication, in
order that a community consensus can be reached in the future."

And, to be clear, neither protocol is directly anti-spam: they simply help the receiver believe that the mail is sent by the organization that claims it sent the message.

Posted by lookit at June 29, 2005 01:32 PM