ietf-mxcomp

Re: when spoofing isn't

2004-03-19 12:22:24

Hallam-Baker, Phillip wrote:
Let the MUA display the "Return Path" header which will be verified via MAIL FROM.


Changing the MUAs is a completely unreasonable demand. Changing the ad hoc forwarding services to honestly describe themselves as such is a completely reasonable one.


So I am assuming that you want the "From" header to be checked at the MTA level during the DATA command. Doesn't MSFT's CID proposal check headers at MUA level? They don't seem to have a problem with MUA changes but then again they develop 70% of MUAs in the world.

I am not against checking MAIL FROM, but checking RFC2822 headers brings up a host of other issues which are difficult to deal with. It will break more functionality than RFC2821 headers, and is more difficult to implement. Therefore, if we want to be moving in that direction, we need to evaluate issues much more carefully.


The easy way to address this is to add a flag onto the policy description:

_spf.verisign.com TXT "IP:10.0.0.1/24 verify=rfc822"

Or equivalent in your favorite syntax.


Key word "policy description". This group is concerned with a very small goal - authorization records for MTAs or in your own words "listing out the edge mail servers". We are not making generic policy exchange mechanisms - if you want to make those, then we need to restate the problem and evaluate it from that angle. Otherwise, you will end up overloading MARID for the purposes it was not intended to be.


All we are doing here is listing out the edge mail servers. You can play whatever games you like but this is where implementers will make their own decisions. If they want to check 822 headers they will.


I am not so sure. It would greatly help if we can get feedback from actual people who will be implementing, since neither Verisign nor SolidMatrix is in the business of making email filters.

Rather than telling the postcard web sites that nothing is going to change it would be better to tell them how to change in a way that is going to maximize the chance their mail gets through.

That is the reason that people are putting these records up, they want to maximize the probability that the email they source gets through.


I am not sure I get this. If we verify MAIL FROM, then the greeting cards companies are changing anyway?

Yakov
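
The postcard-site case argued over in this message, as an added example that is not part of the original e-mail or of any MARID proposal: a receiver checks the connecting IP against the MAIL FROM domain's record, and against the From header's domain only when that domain's record carries `verify=rfc822`. That reading of the flag, the `rfc821` default, the `cards.example` record and all function names are assumptions; the record syntax is the thread's illustrative one.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups; only the first record's text is from the thread.
RECORDS = {
    "verisign.com": "IP:10.0.0.1/24 verify=rfc822",
    "cards.example": "IP:192.0.2.0/24",  # hypothetical postcard site, no header check requested
}

def parse_policy(txt):
    """Return (networks, verify) for a record in the thread's illustrative syntax."""
    networks, verify = [], "rfc821"  # assumed default: check MAIL FROM only
    for term in txt.split():
        key, sep, value = term.partition(":" if term[:3].upper() == "IP:" else "=")
        if key.upper() == "IP" and sep:
            # strict=False because 10.0.0.1/24 has host bits set, as written in the thread
            networks.append(ipaddress.ip_network(value, strict=False))
        elif key.lower() == "verify" and value.lower() in ("rfc821", "rfc822"):
            verify = value.lower()
        else:
            raise ValueError(f"unrecognised term: {term!r}")
    return networks, verify

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip("<> ").lower()

def authorized(domain, client_ip):
    """Return ('pass'|'fail'|'none', verify) for client_ip against the domain's record."""
    txt = RECORDS.get(domain)
    if txt is None:
        return "none", "rfc821"
    networks, verify = parse_policy(txt)
    ip = ipaddress.ip_address(client_ip)
    return ("pass" if any(ip in n for n in networks) else "fail"), verify

def check_message(client_ip, mail_from, header_from):
    """Check MAIL FROM always; check the From header only if its domain asks for it."""
    envelope_result, _ = authorized(domain_of(mail_from), client_ip)
    header_result, verify = authorized(domain_of(header_from), client_ip)
    if verify != "rfc822":
        header_result = "not-checked"
    return {"mail_from": envelope_result, "header_from": header_result}
```

A postcard site that sends from its own servers with its own MAIL FROM passes the envelope check but fails the header check once the From domain publishes `verify=rfc822`, which is the breakage the RFC2822-header objection in this message refers to.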

