At 12:20 PM -0800 03/11/2004, Dave Crocker wrote:
Ted,
TH> I believe the point we're trying to reach is:
TH> "* The MTA from which my MTA received this message is listed as being
TH> allowed to send mail on behalf of the domain listed in the message
TH> (or not)."
"domain listed in the message" could mean the RFC2822 From, RFC2822
Sender, the SMTP Mail-From, or possibly even the SMTP EHLO.
Beyond "listed in the message" is being authorized by the containing
service provider to act as a client MTA.
(I'll leave out RFC2822 Reply-To, since I do not think anyone considers
it a viable example.)
These involve very different identity roles.
I agree. Which one is picked is a very important choice, and one aspect
of that choice is how closely we can tie each identity to the MTA and
to the zone maintainer. I did not go into it in that message, since the
focus was on "publish a permitted set description, check a record" vs.
"publish a record, check the asserted permissions", but it clearly is a
critical element to get right.
regards,
Ted Hardie