ietf-mxcomp
[Top] [All Lists]

Re: Passing authentication information via SMTP

2004-02-29 00:52:42

Gordon Fecyk wrote:
One of the concerns raised with LMAP proposals is the fact that they overload the MAIL FROM command.

Isn't that the intent?

I understand overloading a DNS record type - giving more meaning to a
record type than originally intended.

I'm not as clear on "overloading" a SMTP command, especially this one as
MAIL FROM is supposed to tell us who the mail is from and we're only
verifying that - at least as far as the domain part for most.


The MAIL FROM parameter does not tell us where the mail is from, only the bounce address for that email. The assumption is that whoever is the bounce address is, is probably the sender, but in many cases especially mailing lists, that is not true. As a matter of fact in some protocols such as SMTP AUTH, the sender's identity is passed in an SMTP extension separate from the bounce address.

This of course depends on what the LMAP proposals are designed to do. If they are designed to give domain owners ability to state which MTAs can use their domains in the bounce addresses, that's fine but it should be clearly stated as such and not be confused with the sender of the email, which is unknown during the SMTP transaction.

Yakov


<Prev in Thread] Current Thread [Next in Thread>