Re: SPF I-D for review: draft-schlitt-spf-classic-00.txt
2005-03-04 07:25:14
Well, current SMTP specifications allow for anyone to use any
domain in either the rfc2821 identities, or any place in rfc2822.
All authentication schemes intend to change that.

AFAIK, none of SSL, TLS, or SMTP AUTH make any such change.

well, it depends on what you mean by "being able to use any domain"

Well, that was Wayne's comment. From my perspective (as a mobile user
(i.e. connecting via an unpredictable IP address) with need to use
only a few domain names) I'd phrase the issue as "being able to use
any IP address"; and that's where SPF utterly fails.

or to put it another way, SPF is not applicable to that case.

To be precise, I mean that when sending mail, I need to specify a
mailbox in the return path which uses my ISP's domain name (because
that (my mailbox) is where legitimate bounces should go) and likewise
in the From and/or Reply-To and/or Sender fields of the message header
-- regardless of my IP address, and regardless of the ISP that I
happen to be sending the message(s) via, if I use an ISP's SMTP relay,
and regardless of whether I choose to use such a relay (e.g. to store
a single copy of a message for distribution to multiple recipients) or
to directly connect to the designated MX host(s) for the message
recipient(s).

entirely agree. and a number of ISPs and networks are blocking
outbound access to port 25, thus forcing their users to send outgoing
mail via their SMTP servers (they may permit use of another network's
submission server on port 587).

And SMTP AUTH provides for SMTP session authentication independent of
transport layer security, and without imposing unreasonable
restrictions on IP address or domain name.

then again, in most cases, SMTP AUTH does nothing to authenticate the
message originator to an intermediate MTA or recipient. it can
authenticate one MTA to another, or it can authenticate an originator
to his message submission agent, but it doesn't do much to address the
problem of an MTA or recipient that wants to avoid handling
unauthorized mail. so SMTP AUTH is really not comparable to the
authentication schemes Wayne was referring to. SMTP AUTH was mostly
intended to allow servers to accept outgoing mail without being open
relays.

what might be useful is for an MSA to use SMTP AUTH to establish
credentials of an originator, and then use that to add headers to a
message authenticating that message as being from that originator.
(though you need some way for the originator to defeat that in case he
wants to be anonymous)

Keith