Jon Kyme said:
> There's been discussion of ENVID on this list.

By ENVID, I take it that you mean RFC 3461. The last flurry of conversation
about this was in December 2003 (relatively recently), although it's popped
up a couple of other times also. Perhaps you can elaborate on why you see it
as a viable solution; I see some problems with it.

The ENVID value itself isn't useful for determining whether or not a sending
system has authority to use any given "MAIL From:" address. This *could* be
useful if there were a means to call back the alleged originating system and
verify the ENVID (since it should have originated there), but my skim-read of
RFC 3461 did not uncover any such verification mechanism. It's not clear to
me how ENVID is useful in the current context.

The same RFC also has the ORCPT parameter to the RCPT command, which is
similar in principle to what I am suggesting, but with significant
differences. For starters, ORCPT keeps only the original recipient, not a
forwarding path. There are still scenarios in which a sending MTA may produce
an envelope containing no addresses for which it has LMAP authorisation. For
example, mail from <A> to <B> which is forwarded to <C>, then to <D>. In the
transfer from C to D, we will have "MAIL From:<A>", and "RCPT To:<D>
ORCPT=rfc822;B". <C> is no longer mentioned.

Despite superficial similarity, my proposal is mostly orthogonal to ORCPT.
"VIA" is intended to keep track of the route a mail message takes on its
way to the final recipient in a purely ESMTP environment. ORCPT tracks only
the original recipient, and is designed to take mail gateways into
consideration.

Additionally, the "VIA" specification could require that the most recent hop
in the path be verifiable by some means (i.e. LMAP), if we ever agree on a
standard means of testing. Failure to pass the test will be valid grounds for
rejecting the message. In contrast, RFC 3461 (5.1(b)) forbids rejection on
the basis of the ORCPT or NOTIFY parameters to RCPT (except for invalid
syntax).

In short, neither ENVID nor ORCPT gives us data which we can use for LMAP
verification of forwarded mail, whereas VIA does. I note that ORCPT is a
parameter to RCPT, and "Via:" should probably be a parameter to RCPT for
similar reasons.

So far as this mailing list goes, my favourite prior comment on the subject of
ENVID et al is the following one by Tony Finch.
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01854.html

Regards,
TFBW
_______________________________________________
Asrg mailing list
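
The A to B to C to D forwarding case from the message above, as an added example that is not part of the original post. The `via` tuple, the `LMAP` table, the example domains and the IP addresses are all constructed assumptions; the post defines no syntax for VIA and no agreed LMAP test.

```python
# Added illustration: the envelope seen at each hop of the A -> B -> C -> D chain.
# The "via" tuple and the LMAP table are assumptions, not a defined wire format.
from dataclasses import dataclass, replace

# Constructed LMAP-style data: domain -> IPs allowed to send mail for it.
LMAP = {
    "a.example": {"192.0.2.1"},
    "b.example": {"192.0.2.2"},
    "c.example": {"192.0.2.3"},
}

@dataclass(frozen=True)
class Envelope:
    mail_from: str   # MAIL From:<...>
    rcpt_to: str     # RCPT To:<...>
    orcpt: str       # ORCPT=rfc822;... (RFC 3461): original recipient only
    via: tuple = ()  # hypothetical VIA path, oldest hop first

def domain(addr):
    return addr.rsplit("@", 1)[1].lower()

def forward(env, new_rcpt):
    """The current recipient forwards to new_rcpt. MAIL From and ORCPT are
    carried over unchanged; the forwarder appends itself to the VIA path."""
    return replace(env, rcpt_to=new_rcpt, via=env.via + (env.rcpt_to,))

def lmap_ok(addr, client_ip):
    return client_ip in LMAP.get(domain(addr), set())

def checkable_without_via(env, client_ip):
    """MAIL From / ORCPT addresses that the connecting IP is authorised for."""
    return [a for a in (env.mail_from, env.orcpt) if lmap_ok(a, client_ip)]

def accept_with_via(env, client_ip):
    """Test the most recent hop: last VIA entry, or MAIL From on the first hop."""
    last_hop = env.via[-1] if env.via else env.mail_from
    return lmap_ok(last_hop, client_ip)

def hops():
    h1 = Envelope("a@a.example", "b@b.example", "b@b.example")  # A -> B
    h2 = forward(h1, "c@c.example")                             # B -> C
    h3 = forward(h2, "d@d.example")                             # C -> D
    return h1, h2, h3

if __name__ == "__main__":
    h3 = hops()[2]
    print(h3, checkable_without_via(h3, "192.0.2.3"), accept_with_via(h3, "192.0.2.3"))
```

On the C to D hop the envelope without VIA offers no address that C's MTA can be checked against, while the VIA path ends in C's address and the same connection passes.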