ietf-mxcomp
[Top] [All Lists]

Re: Intermediate MTA setting MAIL-From

2004-03-23 03:52:11

Who has authority to set the mailfrom?  If more than one entity has the
authority, what is the relationship among them?

If we validate that the field is authentic, what good is that? What will
be better?  What will not be changed?

You're right, of course, these are interesting points.
In other fields we often see a name "owner" exercising the right to control
the use of their name in public. In our area the idea of a "Domain name
owner" is fairly well established.

It's known that various agents assert names in (2821)MAIL FROM 
(and HELO) even though they have no connection with the name owner. Often
this is done with bad intentions. Sometimes this is done with the best
intentions. It's not currently easy to determine what the wishes of the
name owner are. Something involving MARID should make it easy for any agent
to determine this. This is in scope (I think).

Once we have this information, it can be made available to local policy
enforcement elements. What *use* is made of it will be subject to local
policy, but we can imagine any number of possible *uses*. This is not
strictly in scope (I don't believe).