Tony Finch wrote:
I think this points out something important that could perhaps be made
more explicit in the specification. BATV is designed for the usage model
where you must use the domain's submission servers if you want to send
email claiming to be from that domain, and all the submission servers must
implement BATV.
Seems obvious in the way the spec is written now? It certainly is front
and center in our office discussions, since we (Postini) charge more for
using our submission servers than for using our inbound servers alone.
(Engineering considers that a liability; marketing considers that a
feature. :-) It gets into the same issues as SPF did -- mobile users,
sites setting up their own private send servers, etc. Unlike SPF (and
like DKIM), you do still have the option of deploying BATV to your
mobile users, private servers, and whatnot -- *if* they are all doing it
the same way.
<csg>