ietf-mxcomp

Re: Semantics: per user policy

2004-05-08 17:05:30

Greg Connor <gconnor(_at_)nekodojo(_dot_)org> wrote:

In this case, you might allow user A to roam, but only using Earthlink,
and user B to roam, but only using Megapath, or something like that. This 
would narrow the potential abuses down to where it's no longer useful to 
most forgers... they will want to move on to the next target in order to 
get their mail through.

   This would be a very nice feature. At the least, I would advise allowing
for expansion to do this.

As a footnote, here are some other applications that could be done easily 
with localpart lookups, and are difficult or impossible without it.

* Allow a fallback-to-unknown for most users, but publish a much stricter 
  policy for administrative addresses, like postmaster, support, etc.

   Also desirable.

* If using a smart DNS server that allows rate-limiting, allow a few 
  messages from a certain user, but change the answer to NO after the
  limit is reached.

   Not that useful as stated here, but opens the door to useful things.

* Turn on logging at the DNS server so you can see ahead of time, before 
  turning on MARID, who the roaming users are and where they are sending
  from.

   There's quite a bit of promise here. Automated authorization for
roaming users is not trivial; but it could be made nearly invisible to
the actual users.

   To gain widespread acceptance of MARID filtering, people will need
multiple ways of doing the things that basic MARID filtering would
"break". Leaving this door open would be very helpful.

--
John Leslie <john(_at_)jlc(_dot_)net>