ietf-mxcomp
[Top] [All Lists]

A 30% solution

2004-05-11 13:39:04

This is an attempt at a semantics. It's a 30% solution in that it addresses about 30% of SPFs functionality. Personally, I am unconvinced by the arguments about per user policy and forwarders, and therefore those issues are not addressed in this set of semantics (making this a rather simple subset of SPF semantics, I think). We can argue out whether we need to deal with per user policy or forwarders later. And do note that this is a straw man; it is something at which to throw the tomatoes, not anything I consider "done".

* Overview
When an SMTP server receives mail that purports to be from some domain (currently as determined from the domain name appearing in the MAIL FROM command in SMTP), that receiver will request MARID records from that domain. The MARID records will contain entries that (when fully resolved) will give the receiver two sets of IP addresses, those that are "legitimate" senders from that domain and those that are "illegitimate" senders from that domain. The receiver can then check the IP address of the sending SMTP client for membership in those sets and decide the appropriate disposition of the mail.

* The records
- MARID records shall contain a domain name (which can be resolved to IP addresses) as well as flags for the domain names. - MARID records must also be able to contain something that is or can be resolved to a range of IP addresses; we'll leave that as an open issue because it is more about syntax than semantics. - The initial set of flags will consist of "legitimate sender" and "illegitimate sender". Other flags will be available for extensibility.

* The operands
- The client (sending) SMTP server's IP Address (C)
- The domain portion of the MAIL FROM command (F)
- The domain returned in a MARID record (D)
- The set of addresses that are legitimate (L)
- The set of addresses that are illegitimate (I)

* The operations
- The receiving SMTP server gets C and F from the SMTP stream
- A DNS lookup is done for MARID records matching F to get D (which has "legitimate" or "illegitimate" flags) - All D's are resolved (as needed) to A or AAAA records for IP addresses (or ranges thereof). For each D with the "legitimate" flag, the IP addresses go into L. For each D with the "illegitimate" flag, the IP addresses go into I. - If C is in L, it means that F believes that C is an acceptable sender of mail. If C is in I, it means that F believes that C is not an acceptable sender of mail. If C is in neither set, F is making no claim on the acceptability of that IP address.

(What S does with the answer it arrives at is outside of the scope of the semantics, but it is likely our document will give some suggestions like "Don't accept mail from things in I, caveat some set of conditions".)

That's the quick and dirty proposal. Fire away!

pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102


<Prev in Thread] Current Thread [Next in Thread>