[ietf-clear] Zone cuts, Make CSV backwards compatible with legacy SPF records?

2004-11-19 21:51:51
I had a few thoughts in this area I added to the CLEAR wiki page (bottom of
http://wiki.fastmail.fm/wiki/index.php/ClientSmtpValidation under "RP" ; )
I put a Glossary entry for a concept that doesn't have a name, AFAIK, 
there.  Please take a look.

Does "Whoisable Domains" seem like a sensible solution, technically, or 
operationally? 

BTW, the authentication Doug says is missing isn't*. In making CSV 
backwards compatible with legacy SPF records, we can get authorization 
and authentication.
In determining that there is an SPF record that authorizes use of 
finger.arm.body.matthew.elvey.com by the connecting IP, we get both. Iff 
there's no SPF record set, there's no authorization; iff the IP isn't in 
the resultant set of IPs, there's no authentication.

John, you say that using the Zone Cut is a Bad Idea (won't work 
reliably).  Does that mean that SPF (spf-draft-200406, which requires 
use of a Zone Cut for an optional feature) is defective?  ((I notice 
that this feature is gone from the latest draft from Lentczner, but I 
think that means it breaks email from 
foo(_at_)finger(_dot_)arm(_dot_)body(_dot_)matthew(_dot_)elvey(_dot_)dom, 
which may not be progress, but I digress...))

*Unless one is concerned with coming across wacked out DNS entries for 
legit senders whose HELO domains have more IPs than fit in a UDP packet. 
A set that I believe is empty, and if not empty, close enough to empty 
not to matter materially and be easily fixable.
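
The authorization/authentication distinction drawn in the message above can be sketched as follows. This is an added example, not part of the original post or of any CSV or SPF implementation; the TXT data is constructed, `check_helo` and `spf_networks` are hypothetical names, and only `ip4`/`ip6` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT data standing in for DNS answers (assumption, not real records).
SAMPLE_TXT = {
    "finger.arm.body.matthew.elvey.com": [
        "v=spf1 ip4:192.0.2.0/28 ip6:2001:db8::/48 -all"
    ],
    "mail.example.net": ["unrelated text record"],
}


def spf_networks(txt_records):
    """Return the ip4/ip6 networks of the first v=spf1 record, or None if
    the name publishes no SPF record at all."""
    for txt in txt_records:
        terms = txt.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue
        nets = []
        for term in terms[1:]:
            name, _, value = term.partition(":")
            # Only pass-qualified ip4/ip6 terms add to the resultant IP set;
            # other mechanisms (a, mx, include, ...) are out of scope here.
            if name.lstrip("+").lower() in ("ip4", "ip6") and value:
                nets.append(ipaddress.ip_network(value, strict=False))
        return nets
    return None


def check_helo(helo_domain, client_ip, txt_db=SAMPLE_TXT):
    """Apply the message's reading: no SPF record set means no authorization;
    connecting IP outside the resultant set means no authentication."""
    nets = spf_networks(txt_db.get(helo_domain.lower().rstrip("."), []))
    if nets is None:
        return {"authorized": False, "authenticated": False}
    ip = ipaddress.ip_address(client_ip)
    matched = any(ip.version == n.version and ip in n for n in nets)
    return {"authorized": True, "authenticated": matched}


if __name__ == "__main__":
    helo = "finger.arm.body.matthew.elvey.com"
    for addr in ("192.0.2.5", "198.51.100.7", "2001:db8:0:1::25"):
        print(helo, addr, check_helo(helo, addr))
    print("mail.example.net", check_helo("mail.example.net", "192.0.2.5"))
```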