On Sat, 11 Sep 2004, Frank Ellermann wrote:
Yes, it could replace the "Received-SPF:" header in the SPF classic
draft. I'm a bit lost with one of the examples (9.4), it has auth=,
spf=, and sender-id=, but AUTH is done by the MSA, while spf resp.
sender-id tests are done by the MX / MDA.
I included any authentication information that might be useful to an MUA
or LDA when evaluating how trustworthy the sender data is. If for example
there are multiple layers of transport within an organization, and
sender-id, SPF and DomainKeys are only done at the border inbound but an
internal message was injected for which the client authenticated using
SMTP AUTH, I felt that fact should be relayed should the MUA or LDA wish
to make a decision based on it.
I also used it as the only available already-standard sender
authentication scheme on the books; everything else is only a draft thus
far.