Eliot Lear wrote:
On 11/2/09 12:20 PM, Ian Eiloart wrote:
--On 30 October 2009 19:52:54 +0100 Eliot Lear <lear(_at_)cisco(_dot_)com>
wrote:
I can't say, but I do know that many of us toss a whole lot of mail at
EHLO, some at MAIL FROM:<> and some at DATA. The idea I was thinking
about was whether it provides any value whatsoever to at least know that
you are authentically dealing with a legitimate source sooner, without
having to send even a whole header.
Yes it would help, but probably not more than an SPF pass would help.
What do you get from that? Well, you can check the reputation of the
MAIL FROM address.
Well now we're quibbling about how to check the MAIL FROM address. I'm
still interested in an end-to-end approach. SPF doesn't give you
end-to-end. A legitimate intermediate could have been compromised, for
instance. MAIL FROM *does* change for mailing lists, of course, but
then they should re-sign anyway.
Well, on the envelope level there's not much that carries over from end
to end, is there? The only thing that comes to mind is the MAIL FROM
itself (with the remark made by Eliot, see above) and the use of DKIM in
combination with something like BATV. This has been discussed before,
see for example the thread "BATV pseudo-Last Call", e.g.
http://www.imc.org/ietf-smtp/mail-archive/msg04856.html. I'm not sure
about any definitive conclusions within that thread, maybe someone who
participated in that thread can summarize.
Of course, I'm still not sure this is
worth the effort to fix because SPF could be Just Good Enough for the
1st pass, and then DKIM can be used on the body.
I'm not convinced SPF is good enough for the 1st pass.
/rolf
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html