Greg,
GC> I would like to see the first
GC> push aimed at RFC2821 MAIL FROM,
Why? What does a validated bounces address tell you and what does it
take to validate it reasonably?
(Yes, I understand that unauthorized use of bounces addresses are a
problem, but the question is whether directly solving that makes sense
or whether solving it indirectly makes sense. Of course, the answer
hinges on the difficulty of each approach.)
GC> but beyond that, HELO checking might have
GC> some value too.
HELO asserts the identity of the MTA. It is the only place this is
asserted. Would it be useful to know that an MTA is authorized to be an
MTA? Would it be useful to know this independently of any particular
From/Sender/MailFrom address?
MCL> data, but anecdotal data from the organizations for which I've worked
MCL> over the past 15 years or so would indicate that the volume is somewhat
MCL> higher than "a few geeks".
Indeed, the growth of hotspots and probably explosion of mobile Internet
access suggests that we be very careful in limiting access and usage
scenarios.
Pretty much every time we take a snapshot of current behavior and assert that it
predicts the future, we are wrong.
The current problems with site multi-homing are an example. 10 years
ago, the CIDR discussions included the challenge of having a site homed
through multiple, indpendent upstream providers. Because it was not
popular back then, the scenario was utterly dismissed.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>