ietf-mxcomp
[Top] [All Lists]

TECH: use fetchmail algorithm to select header address to verify

2004-09-06 14:23:02

"John" == John Levine <johnl(_at_)iecc(_dot_)com> writes:

    John> The widely used fetchmail package includes a section of code
    John> that determines the most likely responsible party for an
    John> e-mail message.  Its algorithm is similar to PRA but not
    John> identical.

I think the fetchmail algorithm is a red herring.  It basically boils
down to: determine the envelope sender from the headers.  If you've
got a broken MTA, then use an algorithm which is similar to the PRA.
If that fails, there's yet another fallback.

If we're doing this at the SMTP level -- which is the prefered place
for the MARID check -- then the envelope sender is always known,
without any recourse to the headers, to this just boils down to using
the envelope sender (a la SPF).

Having an a complex fallback algorithm solely for use with post-SMTP
checkers that live behind broken MTAs seems the wrong solution for
MARID (though it was the correct engineering approach for fetchmail).

        -roy