Douglas Otis wrote:
This becomes irrelevant should the MTA/Mailbox domain relationships be
viewed as nominal assertions against MAIL FROM and From mailbox domains
and the MTA authentication is an independent operation. Where PRA plays
a role is equally accommodated by the EHLO name anyway.
Hmm. The original intent of all of these before phishing and 2822
headers got thrown in was to verify the parameters of the SMTP
transaction. With the variant scopes we can still do that with ability
to check MAIL FROM via mailfrom scope, and EHLO if CSV is intergrated
into the main record format.
As for PRA, I think I finally understand your point. The PRA and
SUBMITTER invent a new identity, that of the original agent that
submitted the message, akin to the "Sender" header in 2822. I think what
you are trying to say is that there is no need to resort to those
methods, which are less reliable, when 2821 information is available. Is
that correct?
If so, does that mean that this entire set of proposals is not useful
for stopping phishing in any way?
Yakov