Still, the main thing that YASAF *does* is based on the fact that it is sponsored by Yahoo who is one of the major e-mail domains out there, while SPF is sponsored by more-or-less no-one.
That's absolutely correct. The 800lb gorilla factor cannot be overlooked.
However, be assured that if Yahoo cooks up something obnoxious, like some scheme that involves a trusted certificate authority, nobody will pay any attention to the gorilla. Nobody is going to pay $100/yr for the privilege of obtaining a certificate to validate their mail.
But I think that as far as 800lb gorillas go, Yahoo probably has a better chance of putting something workable on the table. I would feel fairly comfortable pronouncing âdead-on-arrivalâ any similar press release from Hotmail (for the obvious reasons).
It is a fact that there's an awful lot of crap being thrown around with @yahoo.com return addresses. You just HAVE TO KNOW that if there's ANY WAY that any Internet provider can easily trash all that spam, without even the slightest possibility of interfering any legitimate @yahoo.com mail (setting aside the marginal case of someone using their yahoo.com address from their ISP), then you, as an ISP, would have to be astonishingly DUMB not to make use of this opportunity.
And once the infrastructure is in place to validate @yahoo.com mail, there's virtually no added cost to turn it on for any other domain.
And, as long as anyone can play, without paying a dime, there's absolutely no reason why any other E-mail provider would NOT voluntarily choose to authenticate their E-mail in a similar fashion.
Everything is hinging on the proposition that Yahoo is not about to try something stupid. If they get it right, you're going to have a snowball effect coming down the hill.
pgp00000.pgp
Description: PGP signature
