In <400A3DF2(_dot_)24050(_dot_)A479CC12(_at_)localhost> "John Warren"
<John(_at_)wenet(_dot_)tustin(_dot_)ca(_dot_)us> writes:
Let's stop and take a deep breath.
Ok, now that we done that I'm going to restate my idea since my
original one was on the right track but had some flaws and my adjusted
one seems not to have gotten across.
Good idea.
The idea of using SRS is going to require changes to MTAs which would
also be the case with what I'm purposing but I think my changes follow
the RFCs better than SRS.
That is a valid idea to consider.
Problem.
Being able to prove that mail is being sent from a valid mail host and
or user.
Solutions:
SPF and IMX plus others. IMX does take care of where mail comes from
and SPF does protect the domain owner. Both can and should work
together.
Note: SPF does everything that IMX does. While they may be able to
work together, using both is redundant.
SPF, IMX, RMX, DMP, DRIP, etc. are all designated sender systems.
They don't say whether an IP address is a valid mail host. Rathery,
they say whether a given domain owner has authorized a given IP
address as being authorized to send email using their domain name.
All of these designated sender systems allow you to say that 224.1.2.3
is a valid IP address, but since 224.1.2.3 is a multicast IP address,
it can't possibly be a valid mail host.
MTAMark, on the otherhand, can be used to mark valid MTA hosts.
Problem:
Being able to send mail using your legal e-mail address from a domain
other than the one in your e-mail address. This has very basic and
valid business reasons and needs to not be blocked.
[...]
Solution:
The Sending MTA/MSA must make sure that the "MAIL FROM" in the SMTP
envelope MUST always contain the valid local authenticated e-mail
address of the of the sender no matter what the sender puts in the
"FROM" or "REPLY-TO" fields in the message header. Both RFC 2476 and
2821should be updated to require this since it's currently ambiguous.
The Sending MTA Should replace or add, as required, a "SENDER" field to
the message header, as stated in RFC 2476, that matched the "MAIL
FROM" used in the SMTP envelope.
I think that RFC 2476 should be changed to make this a MUST rather than
SHOULD requirement.
Getting an RFC through IETF that would change RFC2476 and RFC2821 is
going to be *real* hard. Getting actual MTAs in the field to comply
with those changes will take decades.
Note that RFC2821 is still a *proposed standard*, it still needs to
get through the *draft standard* stage before it can supersede RFC821
as an *internet standard*. RFC2821 was written in Apr 2001, close to
three years ago. It will be lucky to make it through the final two
stages this year.
Win, Win, Win so what am I missing?
I want something done within my lifetime. Your proposed changes to
RFCs will not be reflected in the real world for a *very* long time.
-wayne
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡