"Peter Kay" <peter(_at_)titankey(_dot_)com> wrote:
2. The recipient does not have me on their whitelist, so they send a
challenge. But because their "FROM" address in the MAIL command is
NOT the sender's address, TTK doesn't have that address on its
whitelist so it sends a challenge to the challenge.
End result is that the TTK user never sees the recipients challenge
and the recipient never gets the email. So what ends up happening is
the recipient has to go through their quarantine folder and pull out
the email. The TTK user never gets the email because the challenge
was killed in the MAIL command.
So, to me, C/R systems need to at least use their end-users email
address on the MAIL FROM address in the mail command.
Using a Reply-To could throw a bit of a monkey-wrench into this. Perhaps
the protocol should specify sending to the Reply-To (if present), and if
that verifies, then consider the From verified as well.
Also, many people have Lots And Lots of addresses. I can think of three
addies offhand of mine that lots of people get email from, not counting
the temporaries, and sometimes I forget to switch addies when sending to
certain people. Perhaps the protocol could also say, "I might also send
you email later under the following addresses", and whitelist them too,
possibly with the whole C/R process repeated for each.
Something tells me there are problems with these ideas, but there's too
much blood in my coffee stream to figure them out at the moment. |-)
--
David J. Aronson, Unemployed Software Engineer near Washington DC
See http://destined.to/program/ for online resume, and other info
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg