At 02:27 PM 5/17/2005 -0400, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Tue, 17 May 2005 02:08:44 PDT, David MacQuigg said:
> EHLO mailserver7.bigforwarder.com
> MAIL FROM:<bob(_at_)sales(_dot_)some-company(_dot_)com>
>
> What do you do next?
*I* get to decide that. If I wish to do SPF checks, I perform the required SPF
checks. If I wish to check a Yahoo-style signature, I do that. And so on.
You will waste a bunch of DNS queries and possibly conclude this message
offers no authentication. For each possible Identity
(mailserver7.bigforwarder.com, bigforwarder.com, sales.some-company.com,
some-company.com) you need to search every possible location for DNS
records (<Identity>, _client._smtp.<Identity>, ...), and we still haven't
searched all the header identities.
Changing your transaction to read:
ID spammers-r-us.com
EHLO mailserver7.bigforwarder.com
MAIL FROM:<bob(_at_)sales(_dot_)some-company(_dot_)com>
What do *you* do next? (Note that for *ANY* authentication method I've seen so
far, validating the 'spammers-r-us.com' value is the *WRONG* thing to do, because
spammers-r-us.com will be set up to verify correctly, even if the EHLO/MAIL FROM
don't).
Well, assuming you can get this syntax past Bruce Lilly (ID declaration
outside the SMTP session), I would look for a TXT record at
_AUTH.spammers-r-us.com.mail.gov, check the reputation listings in that
record, then run whatever authentication method(s) the record calls for,
assuming I have those methods installed on my MTA, and my server isn't too
overloaded to perform whatever twists and turns the method calls for.
Now if your proposed tag said:
ID SPF=YES,YAHOO=NO,CVS=YES
*THAT* I can do something with (namely, short-circuit that auth method with
whatever I do for a 'info-not-found' for that method).
My proposal is even better. You query _AUTH.<Identity>.mail.gov, and get
not only the list of supported authentication methods, but all the
parameters for those methods, plus a list of reputation services and their
ratings of the <Identity>, plus some links to additional records, in case
all of this doesn't fit into one 512-byte DNS packet. See
purl.net/macquigg/email draft-macquigg-authent-dns.htm for work-in-progress.
--
Dave
************************************************************
* David MacQuigg, PhD email: david_macquigg at yahoo.com
* IC Design Engineer phone: USA 520-721-4583
* Analog Design Methodologies
* 9320 East Mikelyn Lane
* VRS Consulting, P.C. Tucson, Arizona 85710
************************************************************
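
Added example, not part of the original message or of either participant's code: a Python sketch of the receiver-side lookup planning discussed in the thread, using the sample transaction quoted above. It assumes parent identities are found by stripping labels down to two (no Public Suffix List), uses only the two record locations the thread spells out, and the function names are hypothetical.

```python
import re

# Record locations named in the thread; its list ends in "...", so this is
# only the part that is spelled out there.
LOCATIONS = ["{id}", "_client._smtp.{id}"]

# Sample transaction taken from the thread (addresses de-obfuscated).
SAMPLE_TX = ["ID spammers-r-us.com",
             "EHLO mailserver7.bigforwarder.com",
             "MAIL FROM:<bob@sales.some-company.com>"]

def parse_transaction(lines):
    """Extract the declared ID, EHLO host and MAIL FROM domain."""
    found = {}
    for line in lines:
        verb, _, rest = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            found["ehlo"] = rest.strip().lower()
        elif verb == "ID":
            found["id"] = rest.strip().lower()
        elif verb == "MAIL":
            m = re.search(r"FROM:\s*<[^@>]*@([^>]+)>", rest, re.I)
            if m:
                found["mailfrom"] = m.group(1).lower()
    return found

def candidate_identities(host):
    """Host plus its parents down to two labels (assumption: no PSL)."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def undeclared_lookups(tx):
    """Every DNS name to try when the sender declares no identity."""
    names = []
    for host in (tx.get("ehlo"), tx.get("mailfrom")):
        for ident in candidate_identities(host) if host else []:
            for loc in LOCATIONS:
                name = loc.format(id=ident)
                if name not in names:
                    names.append(name)
    return names

def declared_lookup(tx, registry="mail.gov"):
    """The single query name under the _AUTH.<Identity>.mail.gov proposal."""
    return f"_AUTH.{tx['id']}.{registry}"

def unaligned(tx):
    """Envelope identities that are neither the declared ID nor under it."""
    decl = tx["id"]
    return [h for h in (tx.get("ehlo"), tx.get("mailfrom"))
            if h and h != decl and not h.endswith("." + decl)]
```

For the sample transaction this gives eight candidate names without a declared ID, one name with it, and reports both the EHLO host and the MAIL FROM domain as unaligned with the declared ID, which is the case the quoted objection describes.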