Following on from the discussion on the viability of a pure ESMTP-only sender
authentication scheme, I've distilled my ideas into a mock-up "internet
draft" format:
http://www.polityresearch.com/misc/xqsa-draft.txt
I've renamed it to XQSA in order to avoid confusion with SPF. It may be
considered complimentary to SPF rather than an alternative.
The idea is to permit SMTP servers not only to publish their own authorization
data, but also to talk to each other and form a 'web of trust' for lookups
using different heuristic sender authorization schemes. I'm thinking this
would enable the scheme to become useful long before widespread adoption,
since muliple server's local mechanisms can be aggregated to establish levels
of confidence.
I welcome comments :)
- Dan
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.6.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡