Folks,
I think that Hadmut is moving us in the right direction, but I continue
to urge us to be more precise:

    Identity          Sending MTA's IP address

This means the peer, SMTP client, right?

    Authentication    Verifying the Identity (TCP sequence numbers)
    Authorization     Domain owner's statement

Which domain?

(It is ok if the answer is something like "it depends upon which proposal is
being considered" but, again, I think we need to be clear about our
ambiguities/variables.)
For example, I suspect that the definition, for this level of
discussion, needs to be something like "the owner of a domain that is
obtained from some portion of an SMTP transaction."

    Policy            Receiving MTA's way to treat messages with or
                      without Signature, LMAP authorization, or from
                      domains without LMAP record, or DNS server down

Most discussions have described a policy as guidance, from the domain
owner and to the server SMTP, concerning the way the server should treat
messages...
That is, the policy comes from the domain owner; the server SMTP decides
whether to conform to it.
" Is there IETF work that we should take on to develop a mechanism
" that allows an MTA to use a DNS-based record to signal to peer
" MTA's that it is authorized to send mail?
nfmc> Very good point.
For reference, I think this is the right scope and goal for an IETF
working group to tackle.
However, as always, an agreement at a face-to-face meeting needs to be
confirmed online.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>