--On Friday, January 23, 2009 4:17 -0700 David MacQuigg
At 01:46 AM 1/23/2009 -0500, John C Klensin wrote:
However, I had a discussion early this week with someone
interested in the slightly-fuzzy text about arguments to HELO
and/or EHLO and their relationship to spam-fighting.
The fundamental problem has always been the lack if an
easily-verified identity associated with the mail session. If
you are going to make a change, it should be in the direction
of correcting that problem. You should make the parameter to
the HELO/EHLO command that identity, rather than the name of a
machine or an address literal. We already have a
machine-level IP address from the underlying TCP/IP protocol.
What is needed is a higher-level identity that is 1) unique,
2) easily verified, and 3) useful for accumulating reputation.
A registered domain name fulfills all three requirements.
Machine names and IP addresses fail requirement 3.
David, whether this is a good idea or a bad one, it would impose
entirely new requirements --and even a new mechanism-- and
therefore would be seriously out of scope for 5321bis. As I
have suggested about other new mechanism/requirement
suggestions, please construct an I-D that is detailed enough for
people to evaluate the mechanisms and their implications and
then discuss with the ADs how it can be processed for Proposed
Standard. It is about eight years too late for 5321bis.