By publishing MARID records in DNS, isn't the sender stating
facts about a relationship between his domain/IP and some header?

No, he is telling the world where his outgoing mail server sits.
Nothing else.

Sorry for responding to my own post, but if people think that
the sender should be talking about headers then we should
allow the sender to choose which header they are going to
talk about.
"10.0.0.1 is authorized to send mail with an envelope From
of *@example.com"
"10.0.0.2 is authorized to send mail with a message From
of *@example.com"
"10.0.0.3 is authorized to send mail with a message Reply-to
of *@example.com"
Question is what is the recipient going to do here? They are
going to choose for themselves what they want to look up,
they might even look up all three.
Now imagine what happens if we get an email from 10.0.0.3
and look up the address of the envelope from "example.com".
Oh dear, we don't have the right data here! But what is the
chance that this is a forgery vs merely a misconfig? There
clearly is a strong connection to example.com here so we
are almost certain to accept the message REGARDLESS OF WHAT
THE RFC SAYS.
Now imagine that we decide to only allow one of those statements
to be expressed. Say the Envelope From statement. But someone
is writing a filter at the MUA level so they don't see the
envelope from. Do they tell their pointy-haired boss that the
project is impossible or do they just ignore the spec?
And that is why this argument is unnecessary. It makes no
difference what we decide to do, the receivers will do their
thing. That is why I believe the spec should consist of only
two parts:
1) Normative: How to publish the IP addresses of your mail servers
and other helpful information for receivers.
2) Non-Normative: Humble and respectful hints to developers
suggesting ways that they might choose to make use of this
data if they happen to be interested in listening to the
experience of others.
The big ISPs are already doing this: to get on a whitelist you give
them the IP addresses of your mail servers, not the details of
your headers.
Phill
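
The receiver-side lookup described in the message above, as an added example that is not part of the original post: it checks a connecting IP against per-identity authorizations and separates a pass, a same-domain mismatch (the likely misconfiguration case) and a plain failure. The table layout, the function names and the sample message are assumptions made for illustration, not a MARID record format.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed table mirroring the post's three statements. The
# (domain, identity) -> networks layout is an assumption for this
# example, not a MARID record format.
PUBLISHED = {
    ("example.com", "envelope-from"): ["10.0.0.1/32"],
    ("example.com", "from"): ["10.0.0.2/32"],
    ("example.com", "reply-to"): ["10.0.0.3/32"],
}

# Constructed sample message.
SAMPLE = ("From: alice@example.com\n"
          "Reply-To: alice@example.com\n"
          "Subject: test\n\nbody\n")

def domain_of(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def identities(envelope_from, raw_message):
    """Collect the domains a receiver could choose to check."""
    msg = message_from_string(raw_message)
    ids = {}
    if envelope_from:  # an MUA-level filter never sees the envelope
        ids["envelope-from"] = domain_of(envelope_from)
    for header in ("from", "reply-to"):
        if msg[header]:
            ids[header] = domain_of(msg[header])
    return ids

def authorized(client_ip, domain, identity):
    ip = ipaddress.ip_address(client_ip)
    nets = PUBLISHED.get((domain, identity), [])
    return any(ip in ipaddress.ip_network(n) for n in nets)

def evaluate(client_ip, envelope_from, raw_message, checked="envelope-from"):
    ids = identities(envelope_from, raw_message)
    if checked not in ids:
        return "no-identity"
    domain = ids[checked]
    if authorized(client_ip, domain, checked):
        return "pass"
    # Same domain lists this IP, but for a different identity: the
    # "misconfig rather than forgery" case from the post.
    others = sorted(i for (d, i) in PUBLISHED
                    if d == domain and i != checked and authorized(client_ip, d, i))
    return "mismatch:" + ",".join(others) if others else "fail"
```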