ietf-dkim

Re: [ietf-dkim] Re: Role of Sender header as signing domain

2006-12-07 12:40:33
John Glube wrote:

Therefore, in simplistic terms:

The ESP is responsible to the Net to stop abuse
coming from its network.

The ESP is accountable to the Net to respond to
complaints of abuse coming from its network.

It is therefore appropriate in most cases that the
ESP is authorized to sign for mail sent from its
Network on behalf of its clients using the sender
header because the ESP is the responsible and
accountable party to the Net.

Hi John,

That may be so, but by the time the receiver, "a real victim" of the torrent of abuse of transactions that by today's measures is 9 of 10 messages, gets the mail:

a) it doesn't have a clue what function you (the SMTP Client) are
serving. Is it an ESP, ISP, ABC, XYZ?

b) Does it matter? It doesn't care? and

c) There is no reason to trust that the sender represents the important 2822.FROM domain owner.

What's to stop any sender, whose true role the RECEIVER does not know or care, from using any 2822.FROM domain?

What purpose does validating the DKIM signature of the SENDER serve?

Are you suggesting that as long as we AUTHENTICATE the sender, the payload, any payload can be trusted? That it can use any domain it wants?

If so, there are far cheaper mechanisms than DKIM (a payload solution) to do TRANSPORT authentication/validation.

---
HLS
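
Added example, not part of the original message or of any DKIM implementation: a receiver-side check that reports which header identity each DKIM signing domain (d=) actually matches, showing that a signature by the Sender domain leaves the 2822.FROM domain unvouched for. The sample message, its domains and the function names are constructed for illustration; cryptographic verification of the signature is assumed to have already passed, and exact domain matching is an assumption of this sketch.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an ESP signs with its own domain while the
# 2822.FROM header names a different domain.
SAMPLE = """\
From: Billing <billing@bank.example>
Sender: bounce@esp.example
Subject: Your statement
DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=sel1;
 h=from:sender:subject; bh=PLACEHOLDER; b=PLACEHOLDER

body
"""

def addr_domain(value):
    """Lowercased domain of the first address in a header, or None."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def signing_domains(msg):
    """Collect the d= tag of every DKIM-Signature header on the message."""
    found = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in sig.split(";"):
            name, sep, val = part.partition("=")
            if sep:
                # Folded headers carry whitespace inside tag values; drop it.
                tags[name.strip()] = "".join(val.split())
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def classify(raw):
    """Return (signing domain, identity it matches) for each signature."""
    msg = message_from_string(raw)
    from_dom = addr_domain(msg["From"])
    sender_dom = addr_domain(msg["Sender"])
    result = []
    for d in signing_domains(msg):
        if d == from_dom:
            role = "from"          # signer is the 2822.FROM domain
        elif d == sender_dom:
            role = "sender-only"   # signer vouches for Sender, not From
        else:
            role = "unrelated"     # signer matches neither identity
        result.append((d, role))
    return result

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A result of "sender-only" means the signature identifies who transmitted the message and nothing more; whether that party may use the From domain needs a separate statement from the From domain's owner.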






_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html