ietf-mxcomp

Re: SPF abused by spammers

2004-09-15 07:04:17

Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
From the Latin authenticus- coming from the real author, of original or
first-hand authority.  It would be a mistake to apply this term to a
second-hand authority, as is the case with SPF or Sender-ID.

  I thought we were discussing security terms, not Latin.

Rather, this mailbox domain has authorized second-hand parties to
act on their behalf and claim this authorization has been validated.

  No.  The domain has published authentication information.  The
SMTP server then uses this information to decide if it wants to
authorize the SMTP client.

  The SMTP server cannot authenticate the client, because it doesn't
know who the client is.  The DNS server holding the records obtained
by the SMTP server cannot authorize the SMTP client, because the SMTP
client isn't asking that DNS server for permission to do anything.

  Security guards authorize people.  Corporate IT authenticates them.

It is not proper to claim an MTA, authorized to send messages with
my-small-business mailbox domain, is the same as being administered by
my-small-business.com.

  Which is why I never said that.

then it would
be imprudent to label *all* domains at that MTA "bad", just because
you authenticated the MTA via EHLO.

When the MTA administrator does not revoke access to abusive accounts,
why consider any message from this MTA to be valid?

  You're contradicting yourself.  Previously in this thread, you were
opposed to labelling people with a "broad brush".  Now, you're
claiming it's a good idea.

  Thanks.  This lets me know your position isn't well-defined.

  Alan DeKok.

