Jon Kyme wrote:
The one major objection I had to what was said in the LMAP document is
all the vague references to "changing semantics". I don't see how any
of the LMAP proposals seriously change any semantics, and this phrase
seems to have been latched onto and blown out of proportion by various
people. (Mostly people I don't recognize being involved discussions
on SPAM-L, NANAE, ASRG, SPF-discuss, etc.)
There are those who hold that MAIL FROM data is sender identification
(claiming support from RFCs 2821, 821, 788).
There seems to be a school of thought that holds that *use* of
MAIL FROM data for anything other than (more than) return-path is a change
of semantics. Some adherents hold that the RFCs are just plain wrong.
There's a pragmatic position - "I can, and am going to, use MAIL FROM data
as a basis for policy enforcement. So live with it."
If you can characterise other camps that I've missed, I'd be interested to
hear.
I think that the important point is, no matter which school you belong
to, with the existing proposals (except Caller ID), the data in the MAIL
FROM command becomes tied in to the domain data. You can either look at
it as a way to identify the sender, or as a way to give the domain
owners ability to consent for their domain to be used as bounce address
in MAIL FROM; BUT either way it will become verifiable unless some other
way is proposed to pass the information.
It is also important to note, that there are two different parts to all
proposals: publishing the data and using the data.
Yakov