ietf-mxcomp

RE: Draft Charter milestone sequence

2004-03-17 19:52:21


By publishing MARID records in DNS, isn't the sender stating facts about
a relationship between his domain/IP and some header?

No, he is telling the world where his outgoing mail server sits.

Nothing else.

Sorry for responding to my own post, but if people think that
the sender should be talking about headers then we should
allow the sender to choose which header they are going to
talk about.

"10.0.0.1 is authorized to send mail with an envelope From 
    of *(_at_)example(_dot_)com"

"10.0.0.2 is authorized to send mail with a message From 
    of *(_at_)example(_dot_)com"

"10.0.0.3 is authorized to send mail with a message Reply-to 
    of *(_at_)example(_dot_)com"


Question is what is the recipient going to do here? They are 
going to choose for themselves what they want to look up,
they might even look up all three.

Now imagine what happens if we get an email from 10.0.0.3 
and look up the address of the envelope from "example.com".

Oh dear we don't have the right data here! But what is the
chance that this is a forgery vs merely a misconfig? There
clearly is a strong connection to example.com here so we
are almost certain to accept the message REGARDLESS OF WHAT
THE RFC SAYS.


Now imagine that we decide to only allow one of those statements
to be expressed. Say the Envelope From statement. But someone 
is writing a filter at the MUA level so they don't see the 
envelope from. Do they tell their pointy-haired boss that the
project is impossible or do they just ignore the spec?

And that is why this argument is unnecessary. It makes no 
difference what we decide to do, the receivers will do their 
thing. That is why I believe the spec should consist of only 
two parts:

1) Normative: How to publish the IP addresses of your mail servers
        and other helpful information for receivers.

2) Non-Normative: Humble and respectful hints to developers
        suggesting ways that they might choose to make use of this
        data if they happen to be interested in listening to the
        experience of others.

The big ISPs are already doing this: to get on a whitelist you give
them the IP addresses of your mail servers, not the details of 
your headers.

                Phill
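
The receiver-side lookup described in the message above, as an added example that is not part of the original post: it evaluates a connecting IP against the three per-identity statements and separates "authorized for the identity checked" from "tied to the domain under a different identity". The tuple layout, function names and result labels are hypothetical and are not a MARID record syntax; the sample addresses are constructed.

```python
import ipaddress
from email.utils import parseaddr

# Constructed data: the three statements from the message, stored as
# (network, identity, domain). Hypothetical layout, not a real record format.
STATEMENTS = [
    ("10.0.0.1/32", "envelope-from", "example.com"),
    ("10.0.0.2/32", "from", "example.com"),
    ("10.0.0.3/32", "reply-to", "example.com"),
]

def domain_of(address):
    """Return the lower-cased domain of an address or header value, or None."""
    _, addr = parseaddr(address or "")
    if "@" not in addr:
        return None
    return addr.rpartition("@")[2].lower() or None

def authorized_identities(client_ip, domain, statements=STATEMENTS):
    """Set of identities for which `domain` has authorized `client_ip`."""
    ip = ipaddress.ip_address(client_ip)
    return {ident for net, ident, dom in statements
            if dom == domain and ip in ipaddress.ip_network(net)}

def evaluate(client_ip, identities, checked=("envelope-from",),
             statements=STATEMENTS):
    """Check each identity the receiver chose to look up.

    identities: dict of identity -> address as seen by this receiver.
    Returns dict of identity -> 'match', 'other-identity', 'none' or 'absent'.
    """
    result = {}
    for ident in checked:
        dom = domain_of(identities.get(ident))
        if dom is None:
            # e.g. an MUA-level filter that never sees the envelope
            result[ident] = "absent"
            continue
        allowed = authorized_identities(client_ip, dom, statements)
        if ident in allowed:
            result[ident] = "match"
        elif allowed:
            # IP is tied to the domain, but under a different identity
            result[ident] = "other-identity"
        else:
            result[ident] = "none"
    return result
```
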