Re: Submission identifiers

2009-01-24 23:56:17

At 09:45 24-01-2009, David MacQuigg wrote:
I disagree. If a sender was expected to declare its identity (not a machine name, but the identity by which the world will judge the sender's reputation), then SMTP could say "good enough", the rest is up to others.

Even if we wanted to have the HELO provide an identity along the lines you described, we would not be able to make the change as the protocol is widely deployed.

Nobody I know makes that assumption. A more reasonable assumption is that the Bad Guys won't be able to use the identity of a Good Guy who is honest and competent.

If we were to have such an identity, we would need a way to verify it. As we step back and analyze the "flaws" of SMTP, we see that they are there for a reason. What makes SMTP robust is that it works for a wide range of use-cases. Using an identity in ways discussed in this thread is somewhat at odds with decisions taken for RFC 5321 (see long discussion about MX records in the archive). Section 4.1.3 of RFC 5321 takes into account the problems for an SMTP client to determine how to identify itself. If you want a strong identity, you'll have to deal with all that.

