Mark,
Who has authority to set the mailfrom?
MCL> The original sending entity, plus any MX handling the mail.
Huh? Why should an MX (i.e., a relay) have authority to redirect bounces?
MCL> Basically,
MCL> whichever entity is currently handling the mail has the authority to
MCL> change RFC2821 ENVELOPE-FROM.
Oh boy, do I disagree!
That's like saying that anyone in the postal system has the authority to
change the return address on the envelope from me.
MCL> I can imagine this might strike some
MCL> people as odd, but if we're assuming that the originating entity is
MCL> always forced to go through an authorized MX to send mail, I see no
MCL> reason why that MX can't be granted authority over ENVELOPE-FROM.
MX is outbound, not inbound. There is no such thing as a "receiving
MX".
If we validate that the field is authentic, what good is that?
MCL> Well, depends on what you mean by "authentic". If "authentic" means,
MCL> "is a valid address capable of receiving mail",
...
MCL> If by "authentic" you mean "somehow verified as authoritative for
All of the proposals under discussion provide a formal authentication
mechanism. That's what I mean by authentic.
What will be better?
MCL> I think additional checks would be beneficial, but I see no reason to
MCL> exclude a check on ENVELOPE-FROM.
Folks need to start paying attention to aggregate costs. They also need
to pay attention to steps that do not provide significant improvements.
A security mechanism with wasteful requirements winds up being less
secure.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>