On Apr 22, 2004, at 12:17 AM, Greg Connor wrote:
o For 2821, we will either pick HELO or MAIL FROM, but not both as
they have different meaning. In the case of a null MAIL FROM, the
receiver has the choice to abandon the MARID check or drop back to
2822 checking.
This is a little odd, and I'm not sure if I understand it. But, I
think HELO and MAIL FROM checking are compatible with each other, for
the same reasons mentioned above... they just do two different things.
(i.e. usually the HELO name is different from the domain in the MAIL
FROM address, so again, each can be checked against its own DNS entry)
MAIL FROM checking is important so that I don't get bounces from mail
I didn't actually send. HELO checking is not as important, but some
domain owners don't want their domains used as fake HELO values and we
can accomplish that pretty easily.
So how about this proposed language to replace the above paragraph:
o For 2821, MAIL FROM will be checked against its domain. In the
case of MAIL FROM: <>, check the MTA authorization using the same
logic as MAIL FROM: <postmaster@HELO>. Because HELO name is used
sometimes as a fallback (i.e. for DSN messages) it is expected to have
sensible LMAP info of its own, and any name used as a HELO (usually
the FQDN of your mail servers) is either used consistently with its
LMAP info or will have no LMAP info associated with it. Some
recipients may choose to check the HELO name all the time, not just on
MAIL FROM: <>.
While not getting into the details, I think the overall point is that
we could also have a selection algorithm for 2821 just as with 2822,
right? I believe this is what Gordon was also saying. And it sounds
reasonable to me.
-andy
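
The identity selection in the proposed language quoted above, sketched as an added example (not part of the original message or of any MARID draft). The function names, the always_check_helo switch and the treatment of an address-literal HELO are assumptions made for illustration.

```python
from typing import List, NamedTuple, Optional, Tuple

class Check(NamedTuple):
    identity: str  # which SMTP identity is checked: "MAIL FROM" or "HELO"
    sender: str    # address treated as the sender for the authorization check
    domain: str    # domain whose published MTA authorization data is queried

def parse_reverse_path(mail_from: str) -> Optional[Tuple[str, str]]:
    """Return (address, domain) for a reverse-path, or None for the null path <>."""
    addr = mail_from.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1].strip()
    if not addr:
        return None  # MAIL FROM: <> (bounces, DSNs)
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"malformed reverse-path: {mail_from!r}")
    return addr, domain.rstrip(".").lower()

def helo_domain(helo: str) -> Optional[str]:
    """Return the HELO name as a domain, or None when there is no name to look up."""
    name = helo.strip().rstrip(".").lower()
    # Assumption: an address literal such as [192.0.2.25] has no domain to query.
    if not name or name.startswith("["):
        return None
    return name

def select_checks(helo: str, mail_from: str,
                  always_check_helo: bool = False) -> List[Check]:
    """Pick the 2821 identities to check, in order, for one SMTP transaction."""
    checks: List[Check] = []
    parsed = parse_reverse_path(mail_from)
    hdom = helo_domain(helo)
    if parsed is not None:
        # Normal case: MAIL FROM is checked against its own domain.
        checks.append(Check("MAIL FROM", parsed[0], parsed[1]))
    if hdom is not None and (parsed is None or always_check_helo):
        # Null MAIL FROM falls back to postmaster@HELO; some receivers
        # also check the HELO name on every transaction.
        checks.append(Check("HELO", f"postmaster@{hdom}", hdom))
    return checks

if __name__ == "__main__":
    # Constructed sample transactions (documentation domains and addresses).
    for helo, mfrom in [("mx1.example.net", "<alice@example.org>"),
                        ("mx1.example.net", "<>"),
                        ("[192.0.2.25]", "<>")]:
        print(helo, mfrom, select_checks(helo, mfrom))
```

An empty result means the receiver has no 2821 identity to check and has to decide separately whether to abandon the check or fall back to 2822 headers.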