ietf-smtp

Re: Sender's Declaration of Identity

2005-05-17 12:06:38

At 02:27 PM 5/17/2005 -0400, Valdis.Kletnieks@vt.edu wrote:

> On Tue, 17 May 2005 02:08:44 PDT, David MacQuigg said:
>
> >        EHLO  mailserver7.bigforwarder.com
> >        MAIL FROM:<bob@sales.some-company.com>
> >
> > What do you do next?
>
> *I* get to decide that. If I wish to do SPF checks, I perform the required SPF
> checks.  If I wish to check a Yahoo-style signature, I do that. And so on.

You will waste a bunch of DNS queries and possibly conclude this message offers no authentication. For each possible Identity (mailserver7.bigforwarder.com, bigforwarder.com, sales.some-company.com, some-company.com) you need to search every possible location for DNS records (<Identity>, _client._smtp.<Identity>, ...), and we still haven't searched all the header identities.

> Changing your transaction to read:
>
>        ID spammers-r-us.com
>        EHLO mailserver7.bigforwarder.com
>        MAIL FROM:<bob@sales.some-company.com>
>
> What do *you* do next? (Note that for *ANY* authentication method I've seen so
> far, validating the 'spammers-r-us.com' value is the *WRONG* thing to do, because
> spammers-r-us.com will be set up to verify correctly, even if the EHLO/MAIL FROM
> don't).

Well, assuming you can get this syntax past Bruce Lilly (ID declaration outside the SMTP session), I would look for a TXT record at _AUTH.spammers-r-us.com.mail.gov, check the reputation listings in that record, then run whatever authentication method(s) the record calls for, assuming I have those methods installed on my MTA, and my server isn't too overloaded to perform whatever twists and turns the method calls for.

> Now if your proposed tag said:
>
>        ID SPF=YES,YAHOO=NO,CVS=YES
>
> *THAT* I can do something with (namely, short-circuit that auth method with
> whatever I do for a 'info-not-found' for that method).

My proposal is even better. You query _AUTH.<Identity>.mail.gov, and get not only the list of supported authentication methods, but all the parameters for those methods, plus a list of reputation services and their ratings of the <Identity>, plus some links to additional records, in case all of this doesn't fit into one 512-byte DNS packet. See purl.net/macquigg/email draft-macquigg-authent-dns.htm for work-in-progress.

--
Dave
************************************************************     *
* David MacQuigg, PhD     email: david_macquigg at yahoo.com     *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                 9320 East Mikelyn Lane       * * *
* VRS Consulting, P.C.            Tucson, Arizona 85710          *
************************************************************     *
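Added example, not from either poster: it contrasts the identity-by-identity record hunt David describes with a single lookup at _AUTH.&lt;Identity&gt;.mail.gov, using a constructed in-memory stand-in for DNS. The record syntax (auth=...; rep=...) and the third search location (_spf.&lt;Identity&gt;) are assumptions made for this example; only the _AUTH name and the first two locations come from the thread.

```python
# Constructed stand-in for DNS: name -> TXT record. Only the declared-identity
# record exists, so the brute-force search below finds nothing at all.
# Record syntax "auth=...; rep=..." is a hypothetical format for this example.
FAKE_DNS = {
    "_AUTH.some-company.com.mail.gov":
        "auth=SPF,CSV; rep=exampleRBL:good,otherRBL:unknown",
}

# Places a receiver might have to probe per identity; the first two are from
# the thread, the third is an assumed extra location to show how cost grows.
RECORD_LOCATIONS = ("{id}", "_client._smtp.{id}", "_spf.{id}")


def candidate_identities(ehlo, mail_from):
    """Every domain and parent domain seen in EHLO and MAIL FROM (stopping
    short of the TLD), e.g. the four identities the post enumerates."""
    ids = []
    for dom in (ehlo, mail_from.split("@", 1)[1]):
        labels = dom.split(".")
        for i in range(len(labels) - 1):
            name = ".".join(labels[i:])
            if name not in ids:
                ids.append(name)
    return ids


def brute_force_lookups(ehlo, mail_from, dns=FAKE_DNS):
    """Probe every location for every identity; return (queries_made, hits)."""
    queries, hits = 0, {}
    for ident in candidate_identities(ehlo, mail_from):
        for loc in RECORD_LOCATIONS:
            name = loc.format(id=ident)
            queries += 1
            if name in dns:
                hits[name] = dns[name]
    return queries, hits


def declared_lookup(identity, dns=FAKE_DNS):
    """One TXT query at _AUTH.<Identity>.mail.gov, parsed into the supported
    auth methods and the reputation ratings the record carries."""
    txt = dns.get(f"_AUTH.{identity}.mail.gov")
    if txt is None:
        return None  # caller treats this like any 'info-not-found' case
    fields = dict(p.strip().split("=", 1) for p in txt.split(";") if p.strip())
    methods = fields["auth"].split(",") if fields.get("auth") else []
    reps = dict(r.split(":", 1) for r in fields.get("rep", "").split(",") if r)
    return {"methods": methods, "reputation": reps, "queries": 1}
```

The reputation field is what keeps a self-declared identity from being trusted just because its own records verify: the receiver still consults the listings before accepting the declared methods.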