Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
I agree with this view. PRA does not represent the accountable entity,
if viewed as the MTA being accountable.
I don't think PRA is trying to hold the current sending MTA
accountable.
If authenticated, the EHLO domain properly provides the accountable
entity.
For what? Validating EHLO ensures that you know someone's
accountable, but what for? The MAIL FROM may have a different domain
than EHLO, and the message body may have something else entirely.
There are multiple accountable entities. Sorting out who they are,
what they do, and how they interact is problematic. e.g.
EHLO accountability: The sending MTA is part of an administrative
system which is well-known, and understands that the MTA
is sending messages.
MAIL FROM accountability: Someone accepts responsibility for the
bounces.
"From:" accountability: with something like PGP signatures, an
individual is claiming responsibility for the message content
The different kinds of accountability are used at different stages
of passing the email message, and do different things.
Alan DeKok.