Matthew Elvey <matthew(_at_)elvey(_dot_)com> wrote:
On 3/27/2004 4:09 AM, spharion(_at_)directnet(_dot_)com(_dot_)br sent forth
electrons to
convey:
this is a tentative option to spf, but does not
seem to break forwarding:
http://nucleo.freeservers.com/mba/
Interesting idea with probably fatal flaws.
Maintaining a dynamic database is much harder than a static one, but
that's a minor issue.
SPF allows mail to be authorized from servers that the domain in
question doesn't trust to do anything more than not spam.
This proposal would require they be able to alter the database on the
DNS server! Tricky.
That could be avoided via indirection; that is, if bobsite.tld is set
to trust panix.com, it could set an indirect record that says in
effect "Also look for _mba.bobsite.tld._indirectmba.panix.com".
However, that does break forwarding: the typical forwarding case is
one unpriveleged user at ISP1 has a mail account at ISP2 that he sets
to forward. It is clearly not the case that everybody who sends mail
to him at ISP2 is willing to trust ISP2. Nor is it necessarily the
case that even ISP1 is willing to trust ISP2, except for that one
user.
I don't see any way to handle that case with _mba.
Seth
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg