my assessment is that this proposal needs two or three things to
1. a set of rules which ensure that MTAs that implement this proposal
do no harm to the handling of messages for which they're not willing
to trust the sender's assertion of priority. e.g. either they
trust the sender's assertion of priority or they simply ignore it.
2. a rule which asserts that when the claimed priority is accepted,
higher priority messages are treated no worse than lower priority
ones. (as opposed to priority being interpreted however the MTA
3. a story about authentication. I can see two ways to do this:
- "chain of trust" model
sender authenticates to original MTA using SMTP AUTH,
non-original MTAs can trust the priority of messages relayed from
other MTAs if those MTAs also use SMTP AUTH.
this implies that MTAs don't relay priority unless they receive
the message from a trusted source.
this is a weak model, as trust isn't really transitive.
but it could work in a limited scenario like a military organization.
- "capability model"
along with original message, client supplies (say in MAIL FROM)
a verifiable assertion of his ability to set priority this messages.
essentially this requires that the client sign the message
(modulo received headers) though you also could allow the originating
MTA to sign the message based on the sender's SMTP AUTH credentials.
note that this isn't intended for authenticating the message to the recipient;
the signature would not be passed to the recipient.
this model would allow priorities to be relayed, but each MTA could
then decide (based on the signature) whether to accept the sender's
credentials. if the MTA did not accept them, it would ignore priority
(but it could still relay the priority and the signature to the next
MTA if it supported those extensions)