Matthew,
http://mipassoc.org/csv/
Although this should not be a surprise, the CSV-CSA draft, at long last,
provides details regarding an "Explicit" bit for the PORT field within
the CSV-CSA record. This "Explicit" bit asserts all authorized domain
names for sending mail have specific CSV-CSA records. Upon failing to
find a specific CSV-CSA record, as many as five additional queries may
be made to check for this assertion. After extensive review, it was
concluded this would be the best approach.
The CSV-CSA record still provides assurance that a single DNS query can
both authenticate and authorize the sending SMTP client. This low
overhead is essential to protect the use of a domain name based
accreditation/reputation system. This protection can also extend to the
use of signatures as well. I hope to be posting detail on MASS shortly
explaining this possible synergy.
-Doug