Re: Can you ever reject mail based on RFC2821 MAIL FROM?
Greg Connor wrote:
> In general, an MTA should either be an agent for the sender, or an agent
> for the receiver. Third-party MTAs don't get involved just on a whim;
> either the sender or the receiver asked for them to be involved. If a
> receiver wants to receive forwarded mail, the forwarder needs to comply,
> or they need to make an exception for that forwarder.

Thank you for stating this explicitly. I had thought this much was clear to
all, but apparently not.

In the case of the senders' agents, it is reasonable to ask the sender to
verify that a given peer MTA is acting on behalf of one of their agents. In
terms of the proposals we're discussing, that means publishing MTA
authentication information in the DNS.

In the case of the receivers' agents, it is reasonable to ask the receiver
to ensure that their agents are acting as desired. In the case of a
forwarder passing messages along to an ISP account that the human recipient
has little technical control over, it means that either the receiver or the
forwarder must make some provision to 'appease' the ISP 'in the middle'.
This could mean 2821 FROM rewriting, or it could mean anything else.