Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
I agree. The PRA does not authenticate the MTA as a means to identify
those administering polices to control mail.
I don't think that was it's intent. It identifies a responble
party, who may not be the connecting MTA.
The EHLO domain entity is granting access to the mail channel and they
have logs to sort out who did what. If networks are to be protected
from those wishing to abuse the system, only this entity is capable of
taking effective action to abate this traffic.
Then why do we have MAIL FROM? The user/domain in MAIL FROM is
claiming some kind of accountability for the message. They should be
held responsible for something, too.
Sender-ID does not provide author protection, as it makes a false
assumption RFC2822 content is secure
Is RFC 2821 content secure? As we've seen, it's unaccountable, and
untrustworthy. About the only field in RFC 2821 that you can trust is
RCTP TO, which doesn't mean much.
Alan DeKok.