Marshall Rose wrote:
in preparation for the next xmpp conference (to be held april 5th at
2100utc at conference room marid(_at_)ietf(_dot_)xmpp(_dot_)org), the proposed
co-chairs
ask the following of all interested parties:
by friday, april 2nd, please send an email to the mailing list
explaining which identity you think the working group should address
along with a short list of bullet points as to the trade-offs
associated with using this identity.
by "identity", we refer to:
2821 HELO/EHLO domain
2821 MAIL FROM
2822 From:
2822 Sender:
at the xmpp conference, we will discuss these issues interactively.
We should address 2821 MAIL FROM and, when FROM is <>, HELO.
I believe the semantics of this identity should be that the domain
identifies a party willing to be held accountable for the transmission of
messages for which this identity can be authenticated.
We should also ensure that any system that addresses verification of this
identity enable extension to cover 2822 headers without ugly hacks or kluges.
pros: This is the address that is used for bouncing after the message has
been accepted into a given system. Authenticating it, therefore, will
prevent receipt of nonsense bounce messages resulting from untargetted spam,
nonsense virus notifications, reputation-injuring domain forgeries, and
difficult to trace bounce bombs.
cons: systems which relay messages will have to find some way to validate
their relationship with the domain claimed in MAIL FROM.
Note that the above is not specific to any existing proposals, nor the
mechanics thereof.
Philip Miller
many thanks,
/mtr