Re: CSV specification revision available

2004-06-21 02:18:38

On Mon, 21 Jun 2004, Dave Crocker wrote:

> A successful SMTP Auth gives the receiving smtp server a basis for
> believing that it knows who the sending smtp client is. With that
> assurance about the identity of the client, the server can proceed to
> assess the authorization (permission to be an smtp client) and
> accreditation (degree of trust to give) appropriate for the client.

SMTP AUTH doesn't preclude lying in the HELO line. The use of consistent
SASL credentials from a particular sender does not imply they use a
consistent HELO domain. SMTP AUTH does not authenticate the data that CSA
and DNA use to look up the authorization and accreditation, therefore it
isn't suitable for use with CSA and DNA -- unless some additional
mechanism is documented that fixes this bug.

Tony Finch  <dot(_at_)dotat(_dot_)at>