On Apr 16, 2004, at 8:48 AM, Jon Kyme wrote:
put more plainly: allowing multiple identities (or policy algorithms)
places an exponential burden on the receiver as they must support for
all possible combinations.
No. Why? I can't see that the "receiver" has to support *any*. The
publisher isn't making a law here. The receiver is free to choose
which (if
any) scope they want to evaluate in. If I as a receiver chose to
implement
a scheme which evaluates authorisation based on the MAIL FROM
identity, but
the publisher asserts that a record is to be applied to some other
identity, I can return an undef or even apply it against the publishers
recommendation (I'd be foolish in the 2nd case). If a publisher asserts
that a record covers all possible "identities", I can chose to apply
it to
only one (or none).
You are correct that a receiver can freely decide not to use MARID.
But if a sender has no expectation and a receiver has no expectation to
understand the sender's assertion, then how well will MARID work? Is
this much different than just publishing the input docs as they are and
letting senders and receivers pick their favorite?
In order to accept as much legitimate email as possible using MARID
while thwarting spam, receivers have to understand the assertions of
the sender.
-andy