ietf-mailsig
[Top] [All Lists]

RE: Web pages for MASS effort

2005-01-07 19:29:31

On Fri, 2005-01-07 at 14:09 -0800, Hallam-Baker, Phillip wrote:
HELO validation in the style of CSV using SPF records for data may be
a very effective and useful compliment to MASS.

A security benefit potentially derived from MASS is a relatively strong
authentication of the domain administering access to the mail channel.
Authorization schemes associated with different identifiers such as
MAILFROM or headers within the message by filtering software compels
authorization to a diverse array of providers.  As such, the entity
providing authorization may be far removed from administering the
authorized transport and potentially injured by a security lapse well
beyond their control. 

Not attributing abuse to the wrong entity requires authentication, and
not just authorization, as the mail channel does not have adequate
integrity otherwise.  Authentication and authorization are orthogonal
and independent efforts.  Nothing, after the fact, changes the intent of
a record.  This conversation should be on the proper reflector:

http://mipassoc.org/clear/

-Doug






<Prev in Thread] Current Thread [Next in Thread>