On 12/20/2004 10:11 AM, Douglas Otis sent forth electrons to convey:
...
Abstract
For domains sending mail, there is often a desire to publish policies
indicating types of mail sent. Need for a domain based mail policy
facility has become pronounced as many find their server and mailbox
domains forged to usurp and thus potentially damage reputations. It
could be advantageous, as example, to request refusal of mail where
the [RFC2821]Klensin, J., Simple Mail Transfer Protocol, April 2001.
<#RFC2821> HELO/EHLO does not reference a [ID-CSVCSA]Otis, D.,
Crocker, D. and J. Leslie, sending SMTP client Authorization (CSA),
June 2004. <#ID-CSVCSA> record. These policies may include other
prescriptions, such as to request refusal of mail not digitally
signed. This document also standardizes Name and IP address lists
useful for whitelisting to implement policy exceptions.
I find this extremely hard to digest. I don't think this meets the
guidelines at http://www.ietf.org/ietf/1id-guidelines.txt, which I think
are intended to make it readable.
How about something simpler, like this:
Client SMTP Policy (CSP) is a way for a domain to indicate what kinds of
mail it sends out. CSP extends CSV and depends on CSV for security and
to help define what mail the domain authorizes be sent in its name. It
can indicate, e.g. that all the mail it sends is from CSV-compliant
servers, or is digitally signed, or that it sends no mail at all.