ietf-mxcomp

Trust, and who knows what (was Re: SPF abused by spammers )

2004-09-18 18:55:15

"Chris Haynes" <chris(_at_)harvington(_dot_)org(_dot_)uk> wrote:
The recipient is invited to accept that the message _is_ from the
purported domain because the Sender's Policy says he should - she
has declared that shared MTA trustworthy. It's her message, her
policy, her choice of shared MTA.

  I can publish a record saying my MTA is the best in the world.
That's my prerogative as admin, but it doesn't mean that statement is
an accurate reflection of reality.  It's a statement of faith, and
nothing more.

The receiver has to trust:

1) The DNS service to deliver the correct SPF policy for the domain

2) The IP transport system to report accurately the IP address of the sending
MTA.

  The recipient already trusts DNS & IP transport, independent of any
additional records in DNS.  Adding SPF or other records in DNS changes
nothing about that trust.

The message has been identified as coming from the sender's domain, and the
sender has accepted responsibility for the behaviour of the MTA.

  Which is not the same as claiming the message actually originated
from the sender.  So why make that claim?

  Instead, claim that "MAIL FROM" checks mean that the domain admits
that the shared MTA can use its name in MAIL FROM, and that the
domain will accept the bounces from messages sent by that MTA, for
messages which use its name in MAIL FROM.

I invite you to be specific about this second trust relationship you talk of.

  I'm not sure what part of my message was unclear.

  a) An "originating" domain allows the shared MTA to send messages
     using its name in "MAIL FROM".  The recipient can verify that
     the name is being used, and that the "originating" domain has
     publicly stated that such use of its name is permitted.

  b) An "originating" domain claims that when a shared MTA uses its
     name in "MAIL FROM", those messages are not being spoofed by
     another party sharing that MTA.  The recipient has no way of proving
     to his own satisfaction that such a statement is true.

     Therefore, that statement has little or no meaning to the recipient.
     It is useful solely as a statement about the "originating"
     domain's beliefs, and not as a statement reflecting any kind of
     objective reality.

Agreed - I don't think I was advocating a 'binary' value in the trust itself,
was I?

  No.

If you intend this as a criticism of SPF then you have to expose
these unspoken assumptions.

  It's not a criticism of SPF.

I'm not associated with any one scheme.  I'm a 'sufferer' who needs
a workable, engineeringly-viable solution.

  That's pretty much my stance.  I haven't seen anything dramatically
useful, just a collection of tools which can help.

We are being
invited to consider the candidates one by one.  This goes against all my
engineering instincts, which are to:

a) Agree the objectives and metrics of success,

  The charter already talks about MTA authorization records in DNS.
To a certain extent, any discussion of the objectives is too late.

b) Identify all viable candidates,

c) Assess them in parallel against the objectives, constructing interesting
scenarios, test cases etc. - against which all candidates can be evaluated.

  Yes, well, that would be nice.  Instead, we have umpteen patent
discussions, and few ways to determine which proposal is "better", or
even if a proposal is "good enough".

It may well be that you can see some specific weakness in the use of
Mail-From that the rest of us cannot see and that you can do the WG
a service by exposing that specific weakness.

  I'm not sure it's a weakness, so much as a lack of information.  The
MAIL FROM isn't about the originator, it's about the bounce path.  So
all you know about any value used in MAIL FROM is:

  a) the SMTP client sent you that value
  b) that value might be an actual bounce path for the message

  Any "trust" in the MAIL FROM cannot be based on information which
MAIL FROM does not contain: the identity of the originator.  Any
"trust" in MAIL FROM can only be based on the information which MAIL
FROM does contain: the bounce path.

 I've been trying to manoeuvre you into doing this with your 'trust'
concern.  I'm genuinely trying to understand the 'space' in which
the receiver's trust or mistrust of the sending MTA matters to you.

  I understand, and I've tried to explain as best I can.

What is it that the sending MTA can do or not do which, whilst still
honoring the trust that the sender has in that MTA, causes Mail-From
to be flawed?

  It's not the MAIL FROM which is flawed, it's the ability of the
recipient to believe the sender's trust in the shared MTA, as anything
other than a statement of faith made by the vendor.

  Faith is nice for the believer, but it means nothing to someone
else.  Experiments, and directions for reproducing those experiments,
are useful to both the experimenter and to anyone he's trying to
convince.  For MARID, unverifiable statements about a sender's beliefs
are faith, nothing more.

  Or, as Emily Dickinson said:

        Faith is a fine invention
        When gentlemen can see,
        But microscopes are prudent
        In an emergency.

  Alan DeKok.
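The two trust inputs the message lists (the policy record DNS returns and the client IP the transport reports) and the shared-MTA case, worked through as an added example that is not part of the original post or of any SPF implementation. It is a minimal MAIL FROM evaluator over ip4 and all mechanisms, using a constructed DNS table and constructed messages; the originator field in the messages is an assumption that exists only to show the check never sees it.

```python
import ipaddress

# Constructed stand-in for DNS: domain -> published TXT record.
# Both domains have authorized the same shared MTA at 192.0.2.10.
CONSTRUCTED_DNS = {
    "example.org": "v=spf1 ip4:192.0.2.10 -all",
    "example.net": "v=spf1 ip4:192.0.2.10 ~all",
}

QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(dns, client_ip, mail_from_domain):
    """Minimal MAIL FROM check over ip4 mechanisms and 'all'.

    The only inputs are the record DNS returned and the IP the transport
    reported: exactly the two things the receiver has to trust.  The
    result says whether the domain authorized that IP to use its name
    in MAIL FROM, and nothing about who originated the message.
    """
    record = dns.get(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == 4 and ip in net:
                return QUAL[qualifier]
        elif term == "all":
            return QUAL[qualifier]
    return "neutral"  # no mechanism matched and no 'all' term


# Constructed messages as the receiver sees them: (reported client IP,
# MAIL FROM domain, who really injected the message into the MTA).  The
# third field is what the receiver would like to know but never receives.
CONSTRUCTED_MESSAGES = [
    ("192.0.2.10", "example.org", "example.org owner"),
    ("192.0.2.10", "example.org", "another tenant of the shared MTA"),
    ("198.51.100.7", "example.org", "unrelated host"),
]


def classify(dns, messages):
    """Run the check over each message; the originator is ignored."""
    return [(origin, check_spf(dns, ip, domain)) for ip, domain, origin in messages]
```

The first two messages produce an identical pass, so the receiver can verify the bounce-path authorization but cannot tell the domain owner from another tenant of the shared MTA.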