Re: Sender's Declaration of Identity

2005-05-17 12:06:38

At 02:27 PM 5/17/2005 -0400, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

> On Tue, 17 May 2005 02:08:44 PDT, David MacQuigg said:
>
>>        EHLO
>>        MAIL FROM:<bob@sales.some-company.com>
>> What do you do next?
>
> *I* get to decide that. If I wish to do SPF checks, I perform the required SPF
> checks.  If I wish to check a Yahoo-style signature, I do that. And so on.

You will waste a bunch of DNS queries and possibly conclude this message offers no authentication. For each possible Identity (,,, you need to search every possible location for DNS records (<Identity>, _client._smtp.<Identity>, ...), and we still haven't searched all the header identities.

> Changing your transaction to read:
>
>        MAIL FROM:<bob@sales.some-company.com>
>
> What do *you* do next? (Note that for *ANY* authentication method I've seen so
> far, validating the '' value is the *WRONG* thing to do, because will be set up to verify correctly, even if the EHLO/MAIL FROM

Well, assuming you can get this syntax past Bruce Lilly (ID declaration outside the SMTP session), I would look for a TXT record at, check the reputation listings in that record, then run whatever authentication method(s) the record calls for, assuming I have those methods installed on my MTA, and my server isn't too overloaded to perform whatever twists and turns the method calls for.

> Now if your proposed tag said:
>
>
> *THAT* I can do something with (namely, short-circuit that auth method with
> whatever I do for a 'info-not-found' for that method).

My proposal is even better. You query _AUTH.<Identity>, and get not only the list of supported authentication methods, but all the parameters for those methods, plus a list of reputation services and their ratings of the <Identity>, plus some links to additional records, in case all of this doesn't fit into one 512-byte DNS packet. See draft-macquigg-authent-dns.htm for work-in-progress.
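As an added illustration (not code from this thread, and not the record format of draft-macquigg-authent-dns, which is not reproduced here), the following Python mocks the receiver side of the _AUTH.<Identity> lookup described above. The record syntax (v=, m=, r= and n= tags), the zone contents, the identity names and the function names are all assumptions made for the example. It merges the method list and reputation ratings across continuation records, stops after a fixed query budget, and refuses to follow a link it has already visited, which is the check a receiver wants before letting a sender-controlled zone dictate how many DNS queries the MTA issues. It does not decide whether the declared identity is the right one to verify; that is the separate question argued in the thread.

```python
"""Toy receiver-side handling of a hypothetical _AUTH.<Identity> TXT record.

Assumed record syntax (an assumption for this example, not the draft's):
    v=auth1 m=spf,csv r=rep-a.example:good;rep-b.example:unknown n=<next-name>
  m=  comma-separated authentication methods the sender says it supports
  r=  semicolon-separated reputation-service:rating pairs
  n=  owner name of a continuation record, for data that will not fit in
      one 512-byte UDP answer
"""
from dataclasses import dataclass, field

# Constructed sample zone, not real DNS data. Owner name -> TXT strings.
FAKE_DNS = {
    "_auth.sales.some-company.com": [
        "v=auth1 m=spf,csv r=rep-a.example:good n=_auth2.sales.some-company.com",
    ],
    "_auth2.sales.some-company.com": [
        "v=auth1 m=dk r=rep-b.example:unknown",
    ],
    # A continuation link that points back at itself: misconfigured or hostile.
    "_auth.loop.example": ["v=auth1 m=spf n=_auth.loop.example"],
}


@dataclass
class AuthRecord:
    methods: list = field(default_factory=list)   # claimed methods, in order
    reputation: dict = field(default_factory=dict)  # service -> rating
    queries: int = 0                                # DNS queries spent


def parse_txt(txt):
    """Split one TXT string into (methods, reputation, next_name)."""
    tags = dict(tok.split("=", 1) for tok in txt.split() if "=" in tok)
    if tags.get("v") != "auth1":
        raise ValueError("unknown record version")
    methods = [m for m in tags.get("m", "").split(",") if m]
    rep = {}
    for pair in tags.get("r", "").split(";"):
        if ":" in pair:
            svc, rating = pair.split(":", 1)
            rep[svc] = rating
    return methods, rep, tags.get("n")


def lookup_txt(name, zone=FAKE_DNS):
    """Stand-in for a TXT query; returns None when the name does not exist."""
    return zone.get(name.lower())


def fetch_auth(identity, zone=FAKE_DNS, max_queries=3):
    """Query _AUTH.<identity>, follow continuation links under a budget."""
    rec = AuthRecord()
    name = "_auth." + identity
    seen = set()
    while name is not None:
        key = name.lower()
        if rec.queries >= max_queries or key in seen:
            break  # budget exhausted or link loop: stop chasing
        seen.add(key)
        rec.queries += 1
        answers = lookup_txt(name, zone)
        if not answers:
            break  # info-not-found for this identity
        next_name = None
        for txt in answers:
            methods, rep, nxt = parse_txt(txt)
            for m in methods:
                if m not in rec.methods:
                    rec.methods.append(m)
            rec.reputation.update(rep)
            if nxt:
                next_name = nxt
        name = next_name
    return rec


def usable_methods(rec, installed):
    """Methods the MTA can actually run; anything else is short-circuited."""
    return [m for m in rec.methods if m in installed]


if __name__ == "__main__":
    r = fetch_auth("sales.some-company.com")
    print(r.queries, r.methods, r.reputation, usable_methods(r, {"spf", "dk"}))
```

The budget and the visited-set matter because the zone being queried belongs to the party being checked: without them, a sender can make the receiver issue as many queries as it likes simply by chaining n= links.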

