Meng Weng Wong wrote:
On Thu, Apr 29, 2004 at 03:51:41PM -0700, Pete Resnick wrote:
| 3. Come up with some specific 2821 policy (or policies) defined in
| that language.
| 4. Come up with some specific 2822 policy (or policies) defined in
| that language.
From discussion in this working group, it appears that the bulk of the
complexity in verifying 2822 headers is in the algorithm that selects
the purported responsible domain. Microsoft has done a lot of thinking
in this area already, the most recent fruit of which is Harry Katz's
modified header selection proposal.
Once we have chosen an address or addresses, we can apply the exact same
lookup algorithm that is used forthe 2821 headers. The lookup is just a
function that takes (ip, email_address, ...) arguments.
Another algorithm will be required to find the IP address. For both 2821
and 2822 checking checking can be done at MTA level, or by a filter
after the MTA, and perhaps even on MUA level based on the "Return-Path"
header. This is a bigger concern for 2822 checking than 2821 checking,
because that is more likely to be done after the MTA.
So, on point 4, I suggest we define a policy for receivers to follow:
that policy should be a standard algorithm which has implications for
conformance, but it should not necessarily be defined in the sender-side
language.
Can you elaborate on this? I am not sure what this would do.
Yakov
--
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"And this too shall come to pass"