Jim,
JL> Reasons against EHLO or bounce address:
JL> 1. EHLO tells you a name for the sending MTA. But it gives you no idea
JL> whether that MTA is authorized to act on behalf of the name mentioned in
JL> the message he's sending. It seems therefore to be irrelevant.
Apparently you missed my earlier posting:
Channel-based tells us about the aggregate message-sending behavior
of a specific MTA. In a world of compromised personal computers,
this sort of aggregate assessment can be very helpful for
identifying "pipes" that are more or less dangerous.
Message-based tells us about a particular author. This is clearly
useful against phishing. To be useful against spam, the reputation
of each author must be assessed.
Note that per-message analysis does not permit the sort of
aggregate analysis that lets one determine that an entire ISP's
pool of systems is problematic.
Note the potential scaling benefits. With HELO-based you do one
validation per session, rather than one per message. In some
scenarios, that is a huge savings.
Even better, note the difference in registering the relatively
small number of sending MTA domain names, versus the very large
number of message authors.
A rather serious problem in these discussions is the implied assumption
that any single mechanism must do everything. We need to get away from
that, so that we can focus on having individual mechanisms that do
individual things that are useful.
There is nothing wrong with the fact that Sender-ID does not vet the
HELO field. And it should not try to. Sender-ID has a different goal.
That's fine.
We need multiple mechanisms, each attacking different parts of the
problem space.
That is what is called a layered defense.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>
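As an added illustration, not part of the post above, the following Python sketch runs both kinds of assessment over a constructed set of message records: channel-based aggregation keyed on the HELO/EHLO name (and rolled up to the parent domain, so a whole ISP pool shows up), message-based aggregation keyed on the author, and the count of validations each approach needs for the same mail. The record layout, the sample data and the roll-up rule are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    session: str   # one SMTP session may carry many messages
    helo: str      # name the sending MTA gave in HELO/EHLO
    author: str    # mailbox in the message's From: header
    spam: bool     # verdict of a downstream content filter


# Constructed sample (not real traffic): mx1 relays clean mail for several
# authors; a pool of "dsl-N" hosts at one ISP sends spam under many authors.
SAMPLE = [
    Message("s1", "mx1.example.net", "alice@example.net", False),
    Message("s1", "mx1.example.net", "bob@example.net", False),
    Message("s1", "mx1.example.net", "carol@example.net", False),
    Message("s2", "dsl-17.isp.example", "u1@shop.example", True),
    Message("s3", "dsl-42.isp.example", "u2@bank.example", True),
    Message("s4", "dsl-99.isp.example", "u3@news.example", True),
    Message("s4", "dsl-99.isp.example", "u4@news.example", False),
]


def _aggregate(msgs, key):
    """Return {key(m): (messages, spam_messages)} over msgs."""
    counts = defaultdict(lambda: [0, 0])
    for m in msgs:
        counts[key(m)][0] += 1
        counts[key(m)][1] += int(m.spam)
    return {k: tuple(v) for k, v in counts.items()}


def channel_reputation(msgs):
    """Channel-based: spam count per sending MTA, identified by HELO name."""
    return _aggregate(msgs, lambda m: m.helo)


def pool_reputation(msgs):
    """Roll HELO names up to the parent domain so an entire ISP pool is visible."""
    return _aggregate(msgs, lambda m: m.helo.split(".", 1)[1])


def author_reputation(msgs):
    """Message-based: spam count per author; every author needs its own history."""
    return _aggregate(msgs, lambda m: m.author)


def validations_needed(msgs):
    """(HELO checks, one per session) versus (author checks, one per message)."""
    return len({m.session for m in msgs}), len(msgs)
```

In the sample, every author has exactly one data point, so per-author scoring says nothing, while the per-pool table shows isp.example at 3 spam out of 4 and example.net at 0 out of 3, with 4 HELO validations doing the work of 7 per-message ones.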