Maybe I'm dense, but why would anyone care about alleged reputation
data that a sender included in his own headers? It only makes sense
for recipients to check reputations of incoming mail.
sender(_at_)bigisp's MUA submits message to
MTA(_at_)bigisp for relaying to recipient(_at_)destination over an
authenticated
channel.
MTA(_at_)bigisp adds reputation tag describing sender(_at_)bigisp's reputation
and the fact that the message arrived over an authenticated channel.
MTA(_at_)destination receives message
MTA(_at_)destination verifies MTA(_at_)bigisp's tag
MTA(_at_)destination adds tag describing MTA2(_at_)bigisp's authentication *
MTA(_at_)destination adds reputation tag describing MTA2(_at_)bigisp's
reputation
recipient(_at_)destination's MUA analyzes both reputation tags and
treats message accordingly without having to do a reputation or identity
verification lookup on sender(_at_)bigisp(_dot_)
recipient may submit reputation tuning requests through channels
described within tags through "standard" feedback request protocols.
* Received-SPF- tags are authentication tags currently in use in this role
The proposed tagging prefixes Is-*, Is-Not-*, If-* and If-Not-* could map
very well into reputation. The initial use of them, providing feedback to
statistical junk identifying systems, could be considered a kind of reputation
system, where the granularity of the reputation is the words or phrases in
the message, rather than an authenticated sender.
Given a "Welcome" (instead of "Junk") tag to indicate reputation, a MUA
that respected SJMDP's tags and could generate tuning requests using
the instructions in the If- tags could send tuning instructions to the
reputation
tagger with the same ease as sending tuning instructions to the statistical
junk tagger.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg