[ sorry for lateness of my comments ]

2821 HELO/EHLO domain
- Allows for verification of status of an MTA, where such status
  indicates whether the MTA is authorized to send mail.
- Can be used to establish an identity of MTAs for a domain for
  reputation systems
- Requires changes/reconfiguration of MTAs to assure that meaningful
  domain assertions are made

2821 MAIL FROM
- Indication of where bounce messages should be sent alone, not to be
  confused with message sender identity (e.g. RFC(2)822 headers)
- Linking domain "identity" to MAIL FROM could potentially provide
  relief from bounce back forgeries (aka joe jobs)
- Any association between domain identity and MAIL FROM breaks some
  current practices, such as forwarding, mailing lists, etc., without
  employing questionable/suspect MAIL FROM re-writing schemes
- Requires changes to MTAs for any rewriting schemes proposed to
  address forwarding

2822 From:
2822 Sender:
Are best left to digital signing technology independent of the IP/MTA
identity/authorization.

I am starting to agree that a good starting point for IP/MTA
authorization for this working group should involve HELO/EHLO checking,
and leave MAIL FROM, RFC(2)822 headers out of the discussion.

Regards,
David
dmayne(_at_)corp(_dot_)earthlink(_dot_)net