Ref: http://www.ietf.org/internet-drafts/draft-church-dns-mail-sender-02.txt
Andrew Church wrote:
(1) Section 1 is confusing since it is about "Forged Headers".
(2) How serious is the problem of "Sender Address" compared to
the "Forged Headers"?
These are the same problem.
Oh, what I meant was: it is not so clear in the draft, if it is about
the Message Header Format (RFC-2822) or about the SMTP Sender Format
(RFC-2821).
(3) Why use a complicated cryptographic challenge mechanism? AFAIK, it is
quite common for a current receiving MTA to reject emails that come
from a host with no reverse "in-addr.arpa" information.
Some valid MTAs (achurch.org, for example) don't have reverse DNS
mappings, and I already have enough trouble with over-paranoid mail system
admins.
Then, how would an MS RR overcome the "over-paranoid mail system
admins" problem?
I think I went over this once, but this was the approach I took in
earlier versions, and I rejected it because the administrative burden
becomes significant with dynamic IP addresses and other cases in which
the IP address of an allowed MTA can change.
You might want to consider adding this explanation in your draft.
regards,
--
Rahmat M. Samik-Ibrahim -- vLSM.org -- http://rms46.vLSM.org --
One Debian GNU/Linux,with glibc,and justice for all - Pledge of A