On Mon, 2004-09-27 at 12:57, william(at)elan.net wrote:
Assuming any identity added will need to undergo authentication, how
would this identity be substantially different than that already
possible employing the EHLO domain? This EHLO information is already
present within the initial exchange and recorded within the messages
headers. Once authenticated, this EHLO name allows safe mail channel
assertions without the need to obtain an extensive address list.
Processed-By and Original- and New- are not identity headers.
They are all trace headers (like Received and Return-Path) intended
to be used by email agents that have made changes to either destination
or source (this being either the envelope parameters and rfc2822 email
address headers) of email transmission and would like a standard way to
record this information in email message
Should the EHLO domain be authenticated, then whether a change has been
made to any headers or not still allows the message source to be
traced. The EHLO domain can be selectively presented based upon a
desire to reference a particular domain. The authentication of the EHLO
domain also allows the mailbox domain a simply reference to a name list
as a means to indicate the nominal mail channel without risk of this
information being exploited. Such an exploit is possible with SPF or
Sender-ID, especially where the lists are left open and yet used within
a gate-keeper function.
It would make it easier if you could describe the problem being solved.
-Doug