ietf-mxcomp
[Top] [All Lists]

Re: RE: Can you ever reject mail based on RFC2821 MAIL FROM?

2004-04-28 01:56:33




The domain owner can let the receiver know that specific 
fields are to 
or not to be relied on for MARID checking. For example, if the domain 
owner sends mail with correct 2821 MAIL FROM but uses all kinds of 
values for 2822 From header, he wants the ability to let the receiver 
know that only 2821 data is to be relied on and not 2822 data. 

No he does not, it does not work.

Sender uses the following domains

2821:  Useless.com
2822:  Bonkers.com
2822:  Hopeless.com
2822:  TotalFailure.com

Where do you say 'ignore the 2822 data'?


No, no, no. Somebody is confusing sender and publisher. 
We don't want to say 'ignore the 2822 data',
we want to say 
    'ignore any 2822 use of this domain'.


Useless.com - this allows a spammer to disable all 2822 checking at his
option, that is so not happening.


No, see above, but of course
the spammer will use domains which have no published records ( or wildcard
records, or which assert no_2822 ) in his 2822 fields.

This is (of course) the pre-MARID situation, and this *is* so (currently)
happening.


Bonkers.com? If you don't want to have it checked then don't define a
MARID
record, or point the MARID record to Useless.com.




Well, no. 
If we consider evaluating the message example you gave, Firstly, we (as the
receiver) might get the record for Useless.com, we see it applies to 2821,
so we throw that in. Next, we may need to consider 2822 stuff so we get the
record for Bonkers.com and find out it says no_2822, so we skip along to
the other domains.

It may be that Bonkers.com is concerned about masses of bounces to forged
2821, but is happy to see their name in 2822 with any 2821, so not
publishing a record isn't an option they would choose.

I don't know that this is realistic. Is there anyone concerned about the
use of their name in only 2822 or only 2821 and unconcerned about other
use? If yes, the pubisher needs to be able to limit the applicability of
their record. But it wouldn't be so bad if MARID provides a facility that
ends up never being used, would it?


 



<Prev in Thread] Current Thread [Next in Thread>