ietf-mxcomp

Re: SPF abused by spammers

2004-09-12 21:48:43

Alan,


Mail is normally passed from MTA to MTA on its journey to the destination.
AD>   How does that affect MAIL FROM authentication via records in DNS?

That depends upon the authentication scheme and the nature of the
information coming from the DNS.

However the fact that mail transits multiple MTAs is hardly a remarkable
insight. It has been the nature of networked email for more than 25
years, so it's not clear what prompts your particular question.


The MTA making the public delivery is often not where the message was
created.  The sequence of Mail Transfer Agents carrying the MAIL FROM
identifier is what I had referred to as the mail channel.
AD>   None of which is relevant to MAIL FROM authentication via records in
AD> DNS.  The previous hops are invisible to MAIL FROM checks.

Actually, the fact that a mailfrom authentication is being performed an
arbitrary number of MTA hops away from the mailfrom's creation is
extremely relevant to the technical basis and administrative complexity
of maintaining DNS information needed to achieve that authentication.


You are saying one can not be sure of the origin of the MAIL FROM, but it
is okay to use this identity to assert a reputation assessment against the
actions of the SMTP client.
AD>   I'm saying that the recipient may not know the "true" origin, and
AD> that that "true" origin may be un-knowable.  The recipient CAN know
AD> that the current hop is authenticated, if the MAIL FROM satisfies
AD> authentication records in DNS.

Correct. If all the information lines up correctly, you know something
useful.  If, however, the information is missing or does not line up,
then it is not at all clear you know anything.

And if the scenarios for which the information lines up turn out to be
few, then the entire mechanism has very limited utility.

Given the aggregate cost of Internet standards, it is useful to worry a
great deal about the technical, administrative, and operational
complexity of a proposal. I pretentiously call this its "physics", in
the hope that folks will worry a bit about system dynamics. There is a
tendency to focus only on very localized aspects of a design.



d/
--
 Dave Crocker <dcrocker-at-brandenburg-dot-com>
 Brandenburg InternetWorking <www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>
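
An added illustration of the point argued in this message, not code from the thread or from any SPF implementation: a minimal evaluator for SPF-style records, handling only the ip4, ip6 and all mechanisms, applied to the same MAIL FROM as seen at different receiving hops. The domains, addresses (documentation ranges), records and function names are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample policies (documentation address ranges, made-up domains).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_mail_from(client_ip, mail_from, records=SPF_RECORDS):
    """Judge the current hop only: is client_ip authorized by the MAIL FROM domain?"""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"  # no policy published: the check says nothing
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise ValueError(f"mechanism not handled in this example: {term}")
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


def scenarios():
    """Same MAIL FROM seen at different receiving hops (all inputs constructed)."""
    sender = "alice@example.org"
    return {
        # Delivered straight from the domain's own outbound MTA.
        "direct": check_mail_from("192.0.2.10", sender),
        # Legitimate mail relayed by a forwarder that keeps the original MAIL FROM.
        "forwarded": check_mail_from("198.51.100.25", sender),
        # A host with no relationship to the domain using the same MAIL FROM.
        "unrelated_host": check_mail_from("203.0.113.7", sender),
        # MAIL FROM domain that publishes no record at all.
        "no_record": check_mail_from("192.0.2.10", "bob@nopolicy.example"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:15} {result}")
```

The forwarded and unrelated_host cases return the same result, which is the "does not line up" situation the message describes: the check by itself cannot tell the recipient which of the two it is looking at.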

