On Wed, Aug 04, 2004 at 10:05:31AM -0700, Hadmut Danisch wrote:
|
| e.g. the message is sent with
|
| MAIL FROM: <aaa@aaa.aaa> SUBMITTER=bbb@bbb.bbb
|
| then bounce messages etc. are sent to aaa@aaa.aaa, aren't they?
|
| Is that what it is supposed to be?
|
Yes, that is correct.

If SUBMITTER is provided, you do an SPF query against it;
only a PASS result is acceptable; if you get anything else,
you reject.

If SUBMITTER is not provided, you fall back to the MAIL FROM
value; if you get a FAIL result, you reject. You do the
fallback because you expect that the sender is in fact
SUBMITTER-aware, but because the PRA == MAIL FROM the sender
chooses to reduce

    MAIL FROM:<K> SUBMITTER=<K>

to just

    MAIL FROM:<K>.

SUBMITTER was considered superior to SRS because it was
expected to be easier for forwarders.

This is not as defined in the Submitter specification with respect to
error results. The Submitter draft does not indicate a fall-back to MAIL
FROM. It only requires Submitter if the PRA is different from the MAIL
FROM and Submitter is supported. This fall-back can only make this
assumption if Submitter is supported, but then it is not a suggested mode.
Submitter is not superior to BATV.
If the outcome is arm-twisting MTAs into publishing Sender-ID records, the
only logical recourse would be to include a Resent-From header to permit
customers to continue their normal practices. If that becomes the normal
case, then using and exposing the EHLO domain to the user from the
Received header would be of equal user value to that of a PRA identity.
CSV would also give enforcement the domain at which to make a request for
a log.
The advantage of switching to the CSV EHLO domain would be a deterministic
load on the receiver (no additional DNS query), and the ability to
accredit the machine that allowed the mail to be sent. Only a single
identity could be selected, as opposed to the PRA algorithm, which could
yield one of many identities, where only one may normally be seen.
(I would suggest some character used to terminate the EHLO domain to
indicate a successful authentication and authorization process. There is
some general text within the CSV Intro draft to this respect, but it
should be made specific.)
-Doug
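The receiver-side decision described in the quoted reply above (SUBMITTER present: accept only on PASS; SUBMITTER absent: fall back to the MAIL FROM domain and reject only on FAIL), written out as an added Python example. This code is not from any message in this thread and does not claim to follow the Submitter draft; it only makes the described logic concrete, and Doug's objection that the draft specifies no such fall-back still stands. It assumes a constructed SPF result table keyed by (domain, client IP) in place of real DNS lookups; the addresses, domains and IPs are made up, and the treatment of an empty reverse path is an assumption the message does not cover.

```python
import re

# Constructed stand-in for SPF evaluation: (domain, connecting IP) -> result.
# A real receiver would fetch and evaluate the domain's TXT record instead.
SPF_TABLE = {
    ("bbb.bbb", "192.0.2.10"): "pass",
    ("aaa.aaa", "192.0.2.10"): "fail",
    ("aaa.aaa", "192.0.2.20"): "pass",
    ("ccc.ccc", "192.0.2.10"): "softfail",
}


def lookup_spf(domain, client_ip):
    """Return the SPF result for domain/client_ip, 'none' if unknown."""
    return SPF_TABLE.get((domain, client_ip), "none")


# MAIL FROM:<reverse-path> [ESMTP parameters...]
MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>(.*)$", re.IGNORECASE)


def parse_mail_from(line):
    """Split a MAIL FROM command into (reverse_path, {PARAM: value})."""
    m = MAIL_FROM_RE.match(line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command: %r" % line)
    params = {}
    for token in m.group(2).split():
        key, _, value = token.partition("=")
        params[key.upper()] = value      # ESMTP keywords are case-insensitive
    return m.group(1), params


def domain_of(addr):
    """Domain part of an address, lower-cased; '' for a null reverse path."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def decide(line, client_ip, spf=lookup_spf):
    """Apply the policy from the quoted reply.

    Returns (verdict, identity_checked, spf_result).
    """
    path, params = parse_mail_from(line)
    submitter = params.get("SUBMITTER")
    if submitter is not None:
        # SUBMITTER present: only PASS is acceptable, anything else rejects.
        result = spf(domain_of(submitter), client_ip)
        return ("accept" if result == "pass" else "reject", "SUBMITTER", result)
    # SUBMITTER absent: the sender may have reduced MAIL FROM:<K> SUBMITTER=<K>
    # to MAIL FROM:<K>, so fall back to MAIL FROM and reject only on FAIL.
    # Assumption (not in the message): a null reverse path yields no domain,
    # the lookup returns 'none', and the message is accepted.
    result = spf(domain_of(path), client_ip)
    return ("reject" if result == "fail" else "accept", "MAIL FROM", result)
```

With the constructed table, `MAIL FROM:<aaa@aaa.aaa> SUBMITTER=bbb@bbb.bbb` from 192.0.2.10 is accepted on the SUBMITTER PASS even though aaa.aaa would FAIL for that IP, while the reduced `MAIL FROM:<aaa@aaa.aaa>` from the same IP is rejected; a SOFTFAIL rejects when it comes from SUBMITTER but is tolerated under the MAIL FROM fall-back, which is exactly the asymmetry in error handling that the reply objects to.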