I'm curious about how you accept things like mail from a hotel sent via
sendgrid.com. "Subject: Thanks for booking", that sort of thing. Do you
expect both the hotel and Sendgrid to adapt to your system? Or do you
expect users to never give a hotel their ordinary email address? Or do you
have a novel idea?
Our primary validation mechanism focus only on "Envelope Domain". In a
human-to-human mails, both "Envelope From" and "Message From" gonna be same
usually. This is the reason why I'm relying on MX, SPF and A records for
validation.
Page 37 of my white paper actually has an example for sendgrid.
There are three cases here. Let's say the hotel domain is acme.com
Case 1: Isolated Mailbox
You can generate a disposable email address for acme.com like
acme(_dot_)com(_at_)test123(_dot_)example(_dot_)com. In this case acme.com has
to whitelist
sendgrid.net via their SAD record to deliver mail. _sad.acme.com => "v=sad1
sendgrid.net -all"
If the domain is not found in the SAD record, then the sender will get
error message like "550 Alias Layer Failure. Whitelist the domain in your
SAD record"
Case 2: Normal Mailbox - Unrestricted
In this case, you have not enabled the "restricted mode" which is the
default mode. So you are saying the mail can come from anywhere. It can be
from human, website etc. So we accept mail just like a regular mail system
and use spam filter for scanning mails.
Case 2: Normal Mailbox - Restricted
In this case you are actually saying, you are gonna use the mailbox only
for "human-to-human" mails. If you actually give out your normal email
address to the hotel acme.com, the mail will be accepted as long as
sendgrid.net configured the SPF. Or they will get an error message like
"550 Restricted Box. Unauthorized and Unverified Sender. Please configure
SPF or Send this mail from one of your MX server IP address".
Also note, the "restricted mode" is specially designed for the
human-to-human mails. If you give out your normal mail address to hotel
sites like acme.com, then C/R mechanism won't be helpful here. Because we
actually send the challenge mail to the "Envelope From" address.
sendgrid.net can't able to respond to the challenge mail in this case. So
just stick with the spam filter method.
In restricted mode, we also check the address book. So if the "Envelope
From" address is found in the address book, then the mail will be accepted
even if the sender is an "unverified stranger"
On Wed, Sep 25, 2019 at 6:21 PM Arnt Gulbrandsen
<arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no>
wrote:
On Wednesday 25 September 2019 13:35:57 CEST, Viruthagiri Thirumavalavan
wrote:
C/R mechanism is an optional mechanism in my system. We are not
forcing anyone to enable that. You can pretty much depends on
the regular spam filter here. Since we accept mails only from
"verified strangers", it can cut down a lot of spam.
I'm curious about how you accept things like mail from a hotel sent via
sendgrid.com. "Subject: Thanks for booking", that sort of thing. Do you
expect both the hotel and Sendgrid to adapt to your system? Or do you
expect users to never give a hotel their ordinary email address? Or do you
have a novel idea?
Arnt
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
--
Best Regards,
Viruthagiri Thirumavalavan
Dombox, Inc.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp