ietf-mxcomp

Re: DEPLOY: Legal liability for creating bounces from forged messages

2004-08-25 02:31:25

"Mark" asked:
<snip>

I am coming out of delurk for a moment. But could someone please explain why
we are having this discussion? I mean, rejecting with a 5.x SMTP error code,
based on whatever criteria, creates neither less, nor more liability, than
doing so, also for whatever reasons, has done for the last few decades.
There is, from the perspective of the sender at SMTP level, nothing
fundamentally different between, say, being rejected based on an entry in
the access database, and being rejected based on something found, or not
found, in the headers.
</snip>


<sigh>
We are having this discussion because I assert that the introduction of a
forgery test IS fundamentally new.
</sigh>

In accordance with the process defined by the Chairs I am explaining _my_
inability to deploy Sender-ID.

Some have attempted to show me that the technical basis for my concern is
unfounded. That is a really valuable process to go through - but so far no one
has convinced me that I have misunderstood the technical situation.

Using Sender-ID you can achieve a state where the authority who was purported to
be responsible for a message can tell you categorically "That message is a
forgery."

You then proceed to cause a bounce to be sent to a recipient defined in a
message you _know_ to have been repudiated.

"Why", the courts may well ask, "did you send a message, known to you to be
forged and potentially carrying malicious content, to this innocent child?"

See the early parts of the thread for the potential consequences of this totally
new situation.

Ignore the uninvited forays into the peculiarities of English law - they are
irrelevant to this thread.

The conclusions on potential legal consequences are necessarily mine and mine
alone.

Chris


