On Tue, Mar 09, 2004 at 09:10:37PM -0600, wayne wrote:
|
| I think it is likely that there will need to be completely separate
| proposals for:
|
| 1) The "is this IP address authorized to be an MTA?" question.
| (e.g., MTA-Mark, SS, DUL lists, etc.)
|
| 2) The "is this IP address authorized to use a given domain name in
| the MAIL FROM (and HELO) address?" (e.g. RMX, SPF, DMP, etc.)
|
| 3) The "is this From: header from who it claims to be from?" (GPG,
| S/MIME, DomainKeys, Caller-ID, etc.)

I agree that these are three related but distinct areas; each deserves
consideration.

(1) has one dimension: is an IP address allowed to send mail?

(2) has two dimensions: is an IP address allowed to send mail *for a
given domain?*

I prepared two documents for the Seoul BOF in which I tried to emphasize
the distinction between (1) and (2) above.

http://dumbo.pobox.com/~mengwong/tmp/comparisons/buildyourown.png
http://dumbo.pobox.com/~mengwong/tmp/comparisons/familytree.png

This little diagram may help illustrate the differences visually.

http://dumbo.pobox.com/~mengwong/tmp/comparisons/2dimensions.gif

Today, DNSBLs filter along the IP dimension only.

In the future, with wide deployment of an SPF-like system, I hope that
accreditation and reputation services can help filter on the second
dimension as well.

cheers
meng
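
The one-dimensional versus two-dimensional distinction drawn in the message above, as an added example that is not part of the original post or of any project it names. The blocklist contents, the `dnsbl.example` zone, the domains and their SPF-style records are constructed sample data, and the evaluator handles only the `ip4` and `all` mechanisms.

```python
import ipaddress

# Constructed sample data (documentation address ranges, example domains).
DNSBL_LISTED = {"203.0.113.77"}            # dimension 1: keyed on IP only
SPF_RECORDS = {                            # dimension 2: keyed on (IP, domain)
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.25 ip4:203.0.113.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def dnsbl_query_name(ip, zone="dnsbl.example"):
    """Name a DNSBL client looks up: reversed octets under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def ip_only_check(ip):
    """One dimension: the verdict depends on the connecting IP alone."""
    return "listed" if ip in DNSBL_LISTED else "not-listed"


def spf_like_check(ip, mail_from):
    """Two dimensions: is this IP authorized for the MAIL FROM domain?"""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                      # domain publishes no policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:        # first matching mechanism wins
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"                       # no mechanism matched


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.77"):
        for sender in ("alice@example.com", "bob@example.net"):
            print(ip, sender, ip_only_check(ip), spf_like_check(ip, sender))
```

The same IP gets one blocklist verdict regardless of sender, while the per-domain check can pass it for one domain and fail it for another.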