ietf-mxcomp

Re: SPF abused by spammers

2004-09-13 07:35:34

Dave Crocker <dcrocker(_at_)brandenburg(_dot_)com> wrote:
> However the fact that mail transits multiple MTAs is hardly remarkable
> insight. It has been the nature of networked email for more than 25
> years, so it's not clear what prompts your particular question.

  My focus in this thread has been MAIL FROM authentication via
records in DNS.  Could you explain how multi-hop transit affects the
current scope of an SMTP server performing such authentication?

  a) one of the hops fails to forward the message, in which case the
     current hop doesn't exist.

  b) all of the hops forward the message, in which case none of that
     information is visible in MAIL FROM.

  e.g. an SMTP server sees "MAIL FROM: user@example.com".

  I have no idea how that server could use that data to determine that
any previous hops existed.  Therefore, for the purposes of MAIL FROM
authentication via records in DNS, those previous hops do not exist.

  Can you, or Doug, explain how the previous hops are relevant to MAIL
FROM authentication via records in DNS?  While I understand Doug is
trying, all I've gleaned from his responses has been that "mail is
multi-hop".  This may be an attempt to say "a message must pass all
MAIL FROM checks in all hops", but I haven't seen that stated
anywhere, as it seems fairly obvious.

> Actually, the fact that a mailfrom authentication is being performed an
> arbitrary number of MTA hops away from the mailfrom's creation is
> extremely relevant to the technical basis and administrative complexity
> of maintaining DNS information needed to achieve that authentication.

  I agree, but that's an issue for the sender, not for the recipient.

  There are multiple scopes involved.  Each party has its own scope;
its own narrow vision of the net.  So far in this thread, I have
focussed on the scope of the recipient.  In that scope, none of the
previous hops exist, because they cannot be verified to exist.

> Correct. If all the information lines up correctly, you know something
> useful.  If, however, the information is missing or does not line up,
> then it is not at all clear you know anything.

  I'm not sure what "line up correctly" means.  Most of these checks
have only negative value.  A "pass" gives you little information.  A
"fail" gives you more.

> Given the aggregate cost of Internet standards, it is useful to worry a
> great deal about the technical, administrative, and operational
> complexity of a proposal. I pretentiously call this its "physics", in
> the hope that folks will worry a bit about system dynamics.

http://adsabs.harvard.edu/cgi-bin/nph-bib_query?2000NIMPA.449..172B

  Nuclear Instruments and Methods in Physics Research Section A,
Volume 449, Issue 1-2, p. 172-207.

  I am not unfamiliar with such concepts.  My training is in
modelling, simulation, and development of large systems.  The methods
learned in that training are directly applicable to most systems,
though I'm having difficulty applying them here.

> There is a tendency to focus only on very localized aspects of a
> design.

  Because they are simpler than trying to understand the system as a
whole.  And if we don't understand the local aspects of a design, we
have very little hope of understanding the system.

  Alan DeKok.
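The recipient-scope check argued about above, as an added example that is not part of the thread or of any SPF implementation: a receiving MTA gets only the connecting client's IP and the MAIL FROM argument, so a message relayed through a forwarder can fail at the last hop even though it passed at the first, and the last hop has no way to see that earlier result. The record table is constructed and stands in for the DNS lookup.

```python
from ipaddress import ip_address, ip_network

# Constructed sample "DNS": domain -> networks allowed to use it in MAIL FROM.
# Stands in for a real TXT/SPF lookup; addresses are documentation ranges.
DNS_RECORDS = {
    "example.com": ["192.0.2.0/24"],
    "example.org": ["198.51.100.0/24"],
}


def mailfrom_domain(mail_from):
    """Extract the domain from a MAIL FROM command or reverse-path argument.

    Accepts 'MAIL FROM:<user@example.com>', '<user@example.com>' or a bare
    address. Returns None when no domain can be found.
    """
    arg = mail_from.strip()
    if arg.upper().startswith("MAIL FROM:"):
        arg = arg.split(":", 1)[1].strip()
    addr = arg.strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def check_mail_from(client_ip, mail_from, records=DNS_RECORDS):
    """The check as seen from the recipient's scope.

    The only inputs are the connecting IP and the MAIL FROM argument; nothing
    about earlier hops is available. Returns 'pass', 'fail' or 'none'
    (domain publishes no record).
    """
    domain = mailfrom_domain(mail_from)
    if domain is None or domain not in records:
        return "none"
    ip = ip_address(client_ip)
    if any(ip in ip_network(net) for net in records[domain]):
        return "pass"
    return "fail"


def deliver_over_hops(hops, mail_from, records=DNS_RECORDS):
    """Simulate a message crossing several MTAs with an unchanged MAIL FROM.

    hops: list of (client_ip, receiver_name) pairs, one per SMTP session.
    Each receiver checks only its immediate client; results are independent.
    """
    return [(name, check_mail_from(ip, mail_from, records)) for ip, name in hops]
```

Running `deliver_over_hops` with the originating host at 192.0.2.10 and a forwarder at 203.0.113.5 yields a pass at the forwarder and a fail at the final MX for the same legitimate message, which is the forwarding case the thread keeps circling.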

