
Re: Need for secured email delegation workflow

2017-07-13 23:25:13
Definition: Email Delegation will be the workflow in which a user is able
to send emails on behalf of another user. A general example will be a
secretary replying back to emails which his/her boss received.

Oh, OK. This is rather outside the scope of IETF standards. Historically (like more than a decade ago) mail programs let anyone put any address on the From: line. These days we have some designs like SPF and DMARC that limit sending mail as other domains (e.g., as security(_at_)paypal(_dot_)com if your regular address is boris(_at_)phish(_dot_)wtf) but we've never said anything about how a system decides who's allowed to send mail from various addresses in the same domain.

We do have standards for logging into mail systems both to send and to pick up mail. A widely used convention (not a standard) is that you can send mail with an address on the From: line if you have the credentials to pick up mail sent to that address. If that's your local convention, we do have designs like OAuth which allow access delegation. That might be a useful place to look.

John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.