Bart Schaefer wrote, On 11/19/11 7:32 AM:
On Nov 19, 1:54am, Bill Cole wrote:
}
} The reason the idea is absurd (beyond being utterly worthless as a
} practical matter) is that MID headers are frequently generated by
} MUA's that do not have any way to communicate the MID to the DNS
} authority for the domain part
Wouldn't it be the MTA that would be responsible for grabbing fields
out of the header during transmission and adding them to DNS? This
would require that the MUA or MSA only talk to an MTA that has that
capability for the domains in both the MID and From, which is a whole
different kettle of fish.
It would also be a radical narrowing in the definition of legitimate mail
submission.
As it stands, it is a sound practice to use unrelated domains for the SMTP
envelope sender and From/Sender/Reply-To/Message-ID headers. SPF was created
with the hope that mail transport routing could be controlled enough to
allow repudiation of mail at the transport layer, but that has proven to be
a failure in general application. Only a small number of special-function
domains can safely use "-all" in their SPF records.
Shorter: This mechanism would force some people to change how they submit
mail. SPF has demonstrated that to be a crippling flaw.
It'd be possible for a 3rd-party service to provide both the database
and the DNS for this, but that's essentially re-inventing Goodmail,
which already failed in the attempt.
We are at the point in mail authentication where there is very little space
left for truly new mechanisms that aren't ultimately equivalent to existing
limited successes like SPF and DKIM or past failures like Goodmail.
Anyone who wants trustworthy mail authentication and is willing to sacrifice
the inherent functional and overhead costs of that ought to know where to
find S/MIME and PGP. With SPF and DKIM broadly but not universally deployed
it is hard to seriously consider proposals that buy slightly more
authentication at the price of slightly constricting how people use email
and requiring mail providers to set up substantial new infrastructure. From
what I can see, there is very little space for concrete improvement from
mail authentication without requiring smarter users and/or the end to
accepting mail from random well-meaning strangers. The former is a pipe
dream, the latter would be a tragedy.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg