ietf-smtp

Re: "Header Reordering", yet again

2005-05-28 17:59:37

David MacQuigg <david_macquigg(_at_)yahoo(_dot_)com> wrote:

I would establish three levels of compliance for servers wanting to be 
listed as Public Mail Servers:

1) Servers that will declare their ID, and provide a DNS record to 
authorize the use of that ID.

   This is, in fact, what CSV does.

2) Servers that will capture the IP address and any ID declared by the 
previous sender, and prepend that information in a standard authentication 
header.

   This, while interesting, is not useful.

3) Servers that will perform an authentication check on the declared ID, 
using any widely-accepted method, and prepend the result of that check.

   This is the "chain of trust" idea. It is easy to ridicule any chain
of trust, which is never stronger than its weakest link; but if we follow
a prepending model, we have some genuine hope of reaching that strength.
To paraphrase Thornton Wilder's Matchmaker, "The difference between a
little trust and no trust at all can shake the world."

Servers which only originate, and do not forward mail from other domains, 
need only reach Level 1.

   Exactly.

   And, in fact, level 3 is merely a nice-thing, not an essential.
Reputation services could perfectly well rate forwarders on how well
they do at rejecting bad-reputation sending MTAs.

   What this _does_ buy us is the ability to pass on useful reputation
information, to be evaluated later in the forwarding chain.

--
John Leslie <john(_at_)jlc(_dot_)net>

